Page MenuHomePhabricator

sdwdateProject
ActivePublic

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Nov 6 2019

Patrick updated subscribers of T362: systemd SystemCallFilter= containment option seccomp hardening.
Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick closed T362: systemd SystemCallFilter= containment option seccomp hardening as Resolved.

This was done. If not, please create specific tickets where it isn't done.

Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix

Jun 14 2019

Patrick added a project to T916: improve sdwdate connectivity check: whonixcheck.
Jun 14 2019, 11:40 AM · whonixcheck, sdwdate-gui, Whonix, sdwdate
Patrick created T916: improve sdwdate connectivity check.
Jun 14 2019, 11:37 AM · whonixcheck, sdwdate-gui, Whonix, sdwdate

Apr 14 2019

Patrick edited projects for T551: enter Whonix firewall timesync-fail-closed mode before suspend / enter Whonix firewall full mode after resume and clock-fix, added: Whonix 16; removed Whonix 15.
Apr 14 2019, 3:38 PM · Whonix 16, Whonix, sdwdate
Patrick closed T712: Improve /usr/share/sdwdate/unit_test as Resolved.

Good enough.

Apr 14 2019, 3:37 PM · Whonix, sdwdate, python, Whonix 15

Apr 12 2019

Patrick updated the task description for T850: sdwdate message tor consensus improvement.
Apr 12 2019, 3:59 PM · Whonix, Whonix 15, sdwdate
Patrick triaged T898: sdwdate - check file timestamp of Tor consensus file to detect stale Tor consensus as Normal priority.
Apr 12 2019, 3:59 PM · anon-shared-helper-scripts, Whonix, sdwdate
Patrick closed T850: sdwdate message tor consensus improvement as Resolved.

https://github.com/Whonix/anon-shared-helper-scripts/commit/9198d616889389aa4130e21265646a9d73934db1

Apr 12 2019, 3:56 PM · Whonix, Whonix 15, sdwdate

Apr 6 2019

Patrick closed T503: have sane built-in defaults even if config files are non-existing as Resolved.

https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/128e2312bf58a5c1cea3eecd74d1fa0a1a194b51

Apr 6 2019, 5:17 PM · Whonix 15, tb-updater, tb-starter, open-link-confirmation, rads, onion-grater (Control Port Filter Proxy), uwt, sdwdate, whonixcheck, whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick updated the task description for T503: have sane built-in defaults even if config files are non-existing.
Apr 6 2019, 5:17 PM · Whonix 15, tb-updater, tb-starter, open-link-confirmation, rads, onion-grater (Control Port Filter Proxy), uwt, sdwdate, whonixcheck, whonix-ws-firewall, whonix-gw-firewall, Whonix

Dec 7 2018

Patrick removed a project from T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes): Whonix 15.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick assigned T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) to troubadour.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick removed a project from T533: iptables block network access until sdwdate succeeded: Whonix 15.
Dec 7 2018, 12:04 PM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate
Patrick removed a project from T629: fix sdwdate sigterm handling during remote_times.py get_time_from_servers: Whonix 15.
Dec 7 2018, 12:03 PM · python, bug, sdwdate, Whonix
Patrick removed a project from T387: Qubes-Whonix-Gateway as ClockVM: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, security, sdwdate, Whonix, Qubes
Patrick removed a project from T362: systemd SystemCallFilter= containment option seccomp hardening: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix

Oct 1 2018

Patrick placed T503: have sane built-in defaults even if config files are non-existing up for grabs.
Oct 1 2018, 1:17 PM · Whonix 15, tb-updater, tb-starter, open-link-confirmation, rads, onion-grater (Control Port Filter Proxy), uwt, sdwdate, whonixcheck, whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick placed T731: document sdwdate code flow up for grabs.
Oct 1 2018, 1:16 PM · Whonix, sdwdate

Sep 20 2018

Patrick added a parent task for T856: whonix TemplateVM time fetching qrexec service: T387: Qubes-Whonix-Gateway as ClockVM.
Sep 20 2018, 11:45 AM · sdwdate, Whonix 16, Whonix, qubes-whonix
Patrick added a subtask for T387: Qubes-Whonix-Gateway as ClockVM: T856: whonix TemplateVM time fetching qrexec service.
Sep 20 2018, 11:45 AM · enhancement, security, sdwdate, Whonix, Qubes
Patrick updated subscribers of T856: whonix TemplateVM time fetching qrexec service.
Sep 20 2018, 11:44 AM · sdwdate, Whonix 16, Whonix, qubes-whonix
Patrick triaged T856: whonix TemplateVM time fetching qrexec service as Normal priority.
Sep 20 2018, 11:44 AM · sdwdate, Whonix 16, Whonix, qubes-whonix
Patrick triaged T850: sdwdate message tor consensus improvement as Normal priority.
Sep 20 2018, 11:35 AM · Whonix, Whonix 15, sdwdate

Sep 18 2018

marmarek added a comment to T691: sdwdate sclockadj change time without spamming logs.

Actually, the "apt-daily.timer: Adding 1h 17min 24.927437s random time" message have real impact, not only noise. Each time sdwdate change time, systemd adds a random delay to those timers. which means the timer will never expire (unless that random delay will happen to be very close to 0 - i.e. below the time until sdwdate change the time, which looks to be 1s).

Sep 18 2018, 3:55 AM · systemd, research, sclockadj, sdwdate, Whonix

Sep 12 2018

Patrick closed T832: sdwdate support for GETINFO “current-time/{local,utc}” as Invalid.

https://forums.whonix.org/t/sdwdate-support-for-getinfo-current-time-local-utc/5909/3

Sep 12 2018, 9:01 AM · sdwdate-server, sdwdate, Whonix

Sep 11 2018

HulaHoop triaged T832: sdwdate support for GETINFO “current-time/{local,utc}” as Normal priority.
Sep 11 2018, 7:32 PM · sdwdate-server, sdwdate, Whonix

Aug 15 2018

Patrick updated the task description for T362: systemd SystemCallFilter= containment option seccomp hardening.
Aug 15 2018, 1:06 PM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix

Aug 7 2018

Patrick renamed T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) from make sdwdate-gui Qubes friendly to make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).
Aug 7 2018, 6:45 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

In theory, we could make sdwdate provide a local (default) (or optional opt-in server) NTP compatible time provider. Could be useful anyhow. -> sdwdate-server No idea how hard that would be.
And then configure NTP to connect only to that local NTP server.

Aug 7 2018, 8:37 AM · Whonix, C Code, sclockadj, sdwdate
HulaHoop closed T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon as Resolved.
Aug 7 2018, 8:16 AM · Whonix, Whonix 15, sclockadj, sdwdate
HulaHoop closed T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon, a subtask of T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock, as Resolved.
Aug 7 2018, 8:16 AM · Whonix, C Code, sclockadj, sdwdate

Aug 6 2018

Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

/usr/sbin/ntpdate as far as I know doesn't accept a command line command to take an offset (or anything). It connects to remote servers in its default design.

Aug 6 2018, 8:59 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

Yes, not readily accessible from command line.

Aug 6 2018, 8:48 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

The easy way: calculating the offset between local time and the onion average in timesync then using ntpdate's slew option if the offset is less than 0.5s. Otherwise you tell it to step up the time immediately so that you are accurately mimicking the default behavior. However you can force slewing all the time with -B. This way you won't need to touch kernel syscalls as ntpdate should be able to do the operation for you.

Aug 6 2018, 8:28 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

From what I understand, this code path is only relevant when timesyncd is talking directly with NTP servers and reacting to replies about deltas between local and remote times. There is no way you can call that function from the command line when using timedatectl standalone AFAICT.

Aug 6 2018, 5:46 PM · Whonix, C Code, sclockadj, sdwdate

Aug 5 2018

Patrick updated the task description for T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.
Aug 5 2018, 3:58 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

It doesn't seem that timedatectl supports gradual time adjustment.

Aug 5 2018, 3:52 PM · Whonix, C Code, sclockadj, sdwdate

Jul 27 2018

HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

Since we are interested in ntpd's default behavior (for blending in purposes) it turns out that it performs instant clock jumps once the delta difference is excessively large otherwise its slewing algorithm would take forever to adjust the time.

Jul 27 2018, 7:33 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

It doesn't seem that timedatectl supports gradual time adjustment. Our next best option is ntpd which can do so but cannot coexist with timedatectl - we can only run either but not both. According to popcon, ntpd is the mos widely used time daemon so its the natural choice.

Jul 27 2018, 6:22 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

Currently time is set using gnu date (clock jump) (initial run after current boot) or sclockadj (consecutive run) (slow clock adjustment).

Jul 27 2018, 9:35 AM · Whonix, C Code, sclockadj, sdwdate

Jul 25 2018

HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

the time could be set with timedatectl by feeding it the time with this command:

Jul 25 2018, 9:20 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon.

Stretch+ uses systemd-timesyncd by default therefore its the most popular.

Jul 25 2018, 8:38 PM · Whonix, Whonix 15, sclockadj, sdwdate
Patrick added a subtask for T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock: T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon.
Jul 25 2018, 9:41 AM · Whonix, C Code, sclockadj, sdwdate
Patrick added a parent task for T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon: T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.
Jul 25 2018, 9:41 AM · Whonix, Whonix 15, sclockadj, sdwdate
Patrick triaged T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock as Normal priority.
Jul 25 2018, 9:22 AM · Whonix, C Code, sclockadj, sdwdate
Patrick triaged T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon as Normal priority.
Jul 25 2018, 8:53 AM · Whonix, Whonix 15, sclockadj, sdwdate
Patrick closed T691: sdwdate sclockadj change time without spamming logs as Resolved.

This is sorted in a later version of systemd.

Jul 25 2018, 8:39 AM · systemd, research, sclockadj, sdwdate, Whonix
Patrick edited projects for T691: sdwdate sclockadj change time without spamming logs, added: systemd; removed Whonix 16.
Jul 25 2018, 8:39 AM · systemd, research, sclockadj, sdwdate, Whonix
Patrick closed T50: systemd spams journal due to time changed by sclockadj, rewrite of sclockadj, sclockadj2 as Resolved.

sclockadj3 is done -> T686.

Jul 25 2018, 8:35 AM · C Code, python, bug, Whonix, sdwdate, sclockadj