Configuration of (lightweight) Whonix minimal flavor

Development
41
Why do you prefer Fluxbox over Openbox for the featherweight setup?
I do not necessarily. I actually prefer to use JWM for the featherweight (see below). Still, Fluxbox is more "complete" - compared to Openbox - as a standalone (ships a taskbar for example, besides other things). That's why I was saying this.
We can discuss this in the future. We have very similar ideas about it anyway.
Great. I got somewhat further here, i.e. I made at least some decisions (for me personally). Applies to both feather- and lightweight. That is to say:

Was working/discussing with Patrick yesterday to get Pidgin and KeePassX integrated into Whonix by default, i.e. desktop independent. We also talked about Thunderbird+Torbirdy - this is difficult though due to the availability of Torbirdy for Wheezy.

I tried it but I don't know what is #!
#! is just short for "crunchbang". So, how do you like it? The overall desktop UX, I mean.
I don't see much differences between Fluxbox and Openbox. Anything specific I should check out?
Tabbed windows in Fluxbox. Definitely check it out. Please also checkout dmenu (Alt+F3 in #!).
I prefer LXpanel over tint2. Coming from Windows, application menu & a quick launch area are a must for me.
Haven't tinkered with tint2 too much so far, but I'm pretty sure this is a matter of configuration. tint2 is very popular.
I started from the basics - testing window managers.
Try LinuxBBQ "Gangbang edition" - 53 WMs on a LiveCD(Sid). EDIT: Check this out > http://crunchbang.org/forums/viewtopic.php?id=18273
I can't see us using JWM. It's looks older then Win95. My very last choice of the four.

I like IceWM better then JWM, mostly because of the panel but still Win98 at best.


I left this for the end :wink: Speaking of featherweight here (my current personal focus), not lightweight: JWM actually is my favourite, don’t be fooled by the look of it (we’ll “paint” it). My reasoning:

  • it’s FAST (fastest stacking WM around - according to Arch Wiki + my own testing)
  • Memory footprint: 3MB
  • it follows the traditional, i.e. Windows desktop (root menu, pager, quicklaunch, taskbar, clock) - all in one package. Less alien than Fluxbox.
  • Both Damn Small Linux and Puppy Linux ship it as a default
  • Its configuration is straight forward XML. Just one conf file ~/.jwmrc
  • It’s actively developed.

Theming is somewhat non-existent with JWM (just colors, fonts, sizes) but I’m going to put lipstick on it anyways (deviantart encourages). Also a good thing, i.e less bloat. I’m pretty sure that we could integrate/theme it and you’d like it then. For lightweight such radical measures (like JWM) aren’t needed (not advertised by me).

Other than JWM (and IceWM) for featherweight - /me hides - I’m (again) much in favour of what the guys over at http://suckless.org/ are doing. First and foremost “dmenu”. Debian ships “suckless-tools” which also includes http://st.suckless.org/ and tools | suckless.org software that sucks less

42

I agree that various IM and password managers should be Whonix default but again, future topic since it’s a huge topic.

You misunderstood my point about #!. I don’t know what in Crunchbang is actually Crunchbang’s work and not just Openbox default, so I started by installing only Openbox.

I would prefer if #! would have a panel and less items in the pipe menu.

Alt+F3 disables the right click menu and adds a console at the bottom?

We shouldn’t disregard all visual improvements since 1995 as bloat. We don’t need flashy eyecandy OK but rounded edges would be great. Default JWM looks old to me. Puppy implementation on the other hand looks really good.

Using 3MB vs. 13MB (for example) is not really a problem. After all we will be operating with at least 512MB making ram use less important if both are below, I don’t know, 20?

43
I agree that various IM and password managers should be Whonix default but again, future topic since it's a huge topic.
Sure. We nailed it anyways already (yesterday on IRC). Both pidgin (with evil protocols disabled, see Tails) and KeePassX will be shipped by dist-upgrade to Whonix 8 soon. That is, if I understood Patrick correctly.
You misunderstood my point about #!. I don't know what in Crunchbang is actually Crunchbang's work and not just Openbox default, so I started by installing only Openbox. Regarding Crunchbang, my first thought is that it's nice but nothing that would really impress me.
I'm sorry. Just yesterday, I outed myself as another German :P So, I most likely was lost in translation here. Thanks for your estimation on #! - as I see, opinions can differ significantly.
Alt+F3 disables the right click menu and adds a console at the bottom?
As long as "dmenu" is activated by Alt+F3 it has the focus, so yes. You terminate it by pressing Esc. Basically, it is a launcher for everything in $PATH - very convenient imho. Just (for example) type "torb", press enter and Torbrowser is there, type "VB", press enter and VBox is there. Reminds me of Gnome Do, tab completion on steroids.
We shouldn't disregard all visual improvements since 1995 as bloat. We don't need flashy eyecandy OK but rounded edges would be great. Default JWM looks horrible. Puppy implementation on the other hand looks really good.

Using 3MB vs. 13MB is not really a problem. After all we will be operating with at least 512MB. If you think that JWM is better then X, great, let’s use it but if it’s better only because it uses 3MB and Openbox uses 13MB then I don’t see the point.


I’m with you here. I’d just like to use JWM for the featherweight (my personal pet project) - I see this as another topic as the lightweight Whonix. For the lightweight setup, I also would do more compromises. That said, I’m actually sorry for hijacking your lightweight thread with my featherweight setup. I guess the latter one will be a one-man show anyways. Maybe I should start a new thread?

As of Slacko 5.6: I have it running here and, as you said, Puppy developers did a pretty good job in customizing/prettifying JWM, companion software, etc. So, as you see (for featherweight) we actually can care about 3 VS 13 MB Ram and still ship something nice.

Making a lean, mean Whonix machine is pointless if no one will use it. Mixing Win95 with other modern programs that will be part of the edition will create an even bigger display of the conflicting looks.
If ok for you, let's discuss mainly lightweight here and let me tinker with featherweight (your input is certianly more than welcome). Again, I'm sorry for mixing things up. To me, currently, featherweight is most important, i.e. I'll do it anyways (for me) and if it turns out to be great, I'm going to redistribute it - contributing to people's options/convenience. For lightweight, such compromises (fastest, lightest, real minimal footprint, squeeze out the last MB of Ram) isn't needed - I'm perfectly on the same page here.
44

If ok for you, let’s discuss mainly lightweight here and let me tinker with featherweight (your input is certianly more than welcome). Again, I’m sorry for mixing things up.[/quote]

No problem. Feather and lightweight are very connected, only the elements will change but in-Whonix implementation will be similar. Looking forward to your progress.

45
That said, if you, Patrick, troubadour, whoever involved here, could afford the time to briefly test (maybe an hour or so) the Crunchbang Waldorf distribution from a desktop experience perspective and tell me how you feel this in contrast to Debian "lxde", that'd be really great.

I could afford to test Crunchbang or whatever you might see fit. But before, I’d like to put my oar in the thread. I think one should have a look around before discussing the preferences of one or another. It seems that Xfce4 is becoming a sort of standard in the lightweight desktop environments. Debian is considering shipping it as the default DE in jessie, decision in August from what I could read. I believe it comes already in testing/jessie. I can check.

I have installed Qubes OS (R2). They install lightdm and propose KDE4 Plasma AND Xfce4 as standard. I know Qubes is not a widely used distribution, but we cannot ignore their choice, it must have been seriously weighted.

I do not think openbox alone is fighting in the lightweight category, it is definitely featherweight. What you get is a blank screen and a right-click menu…

A personal like. Xfce4 lets the user activate the windows on the desktop with the mouse wheel. Say you have two terminals, one editor and a browser open. When switching between windows, this mode preserves the cursor position and whatever was highlighted previously. Once you get use to it, it is difficult to go back to the standard click to activate. I had a look in LXDE, I could not find the same feature.

46

@troubadour

You actually do not need to convince me of Xfce :wink: I’m using it on and off (parallel to Gnome2) since early 4.0 beta/RC releases. Since Gnome developers completely lost their brains (think Gnome3), I switched to Xfce as my daily/main working environment. So, I’m completely with you!

The reason I had a bias towards LXDE is due to the fact that I’m (personally and specifically for Whonix) in need of something even lighter than Xfce … and LXDE actually is just that (slightly at least).

But: Even LXDE is too bloated for what I (personally) need it, so I went on and i’m putting together “Whonix Featherweight” now - basically building a “DE” from scratch. I’m making progress (mostly discussing this at #Whonix on irc.oftc.net these days) but it’s a whole lot of work, tendious but fun - that said, i’d like to get it just right, so it needs time. The result is - so far - well worth the effort. That is to say, it’s flying.

To provide some insight into ongoing “Whonix Featherweight/building a “DE” from scratch” project: I try to be very “anal retentive” here. Caring about every little detail/component, squeezing as much performance out of it as possible while trying to come up with something both user-friendly + minimalist - (noticable) faster than both LXDE and Xfce.

Some sneak peak:

Still some things are undecided yet (needs more research, testing): archive manager, file search, scrot (most likely “scrot”), system monitor (most definitely htop) and lots of others i cannot remember just yet (just too much) :slight_smile:

Other than that (goals):

  • Not at all touching Whonix base
  • Providing a meta-package for easy install + pre-configuration
  • /etc/xdg/autostart integration (either GitHub - paultag/fbautostart: Fluxbox XDG Autostart-er or custom-coded wrapper) > whonixcheck/timesync (msgdispatcher)
  • /etc/xdg/menus > JWM menu (custom-coded and/or puppy linux components, tbd)
  • fit together everything, i.e. components into a “DE” > visual appearance + overall “DE”-logic, etc.

Suggestions/Feedback welcome!

47

Qubes system requirements are high, definitely not a light-weight system. I reckon they choose KDE because it is popular and not because it’s better security wise then DE X.

https://groups.google.com/forum/#!searchin/qubes-devel/xfce/qubes-devel/U-86_FnT3jw/M4lZdDbIx3cJ

You do make a good point about Xfce becoming the de facto light DE. The differences between LXDE and Xfce are quite minimal as Cerberus already said, so from my angle Xfce is a good choice for light-weight Whonix flavor.

Great, just great :slight_smile:

Have you perhaps created a list of (some of) the components that need to be included? I’m bad at general testing, better at specific testing.

48

I have installed Qubes to try running Whonix on top of it, certainly not for its lightness. First the iso is 2.4GB… Then each WM uses a lot of RAM (I’ll check exactly how much). I just wanted to stress Xfce seemingly becoming a standard light DE.

Off topic.
I had a look at Google Groups, and it’s part of my problem. The whole discussion about Qubes seems to be only there. I’d have some questions to ask to the Qubes developers, so I’d have to create an account. Considering the amount of personal information required, I am reluctant.

49

[quote=“troubadour, post:48, topic:84”]Off topic.
I had a look at Google Groups, and it’s part of my problem. The whole discussion about Qubes seems to be only there. I’d have some questions to ask to the Qubes developers, so I’d have to create an account. Considering the amount of personal information required, I am reluctant.[/quote]
You don’t need a google account. Any e-mail account will allow you do participate on their list. See also:
http://qubes-os.org/trac/wiki/QubesLists#HowtoSubscribeandPost1

50
You don't need a google account. Any e-mail account will allow you do participate on their list. See also: http://qubes-os.org/trac/wiki/QubesLists#HowtoSubscribeandPost1

Thank you. I have joined.

@Occq
About the DEs in Qubes, I cannot resist a comment. They may have chosen KDE because Gnome 3 is a disaster. In my humble opinion, this piece of software looks and feels as if it had been designed by a bunch of depressive developers. :cry:

51

I agree.

52

Wayland (http://wayland.freedesktop.org/) instead of X?

Figaro’s Password Manager 2 instead of KeePassX?

A few links with applications lists for different distros. Might come in handy.

http://puppylinux.org/wikka/SoftwareIndex
http://www.osnews.com/story/24936/Damn_Small_Linux_Still_Damn_Fun

http://crunchbanglinux.org/wiki/applications
https://wiki.ubuntu.com/Lubuntu/Applications/Process%20Documentation
https://wiki.archlinux.org/index.php/List_of_Applications

53

Whonix is an awesome setup for using Tor. It’s got Tor isolation, and stream isolation, and it’s ready to use with virtually no setup needed. Not only that, the documentation is mind-boggling. The instructions and scripts are sufficient for anyone with middling Linux skills to setup a build machine, and build Whonix VMs. I know because I’ve just done it, and I simply followed instructions. Y’all totally rock :slight_smile:

Still, as Patrick has discussed on Wilders, many potential users complain that it’s too complicated. They want something like Tails or even TBB. My focus has been VPNs, and I’ve recommended Whonix as a drop-in setup for using Tor. It would be far better to have a LiveDVD with VirtualBox and the Whonix VMs, and also a VPN client in the host for obscuring Tor use. I’ve played with that off and on for the past year or so, but I’ve always been stopped by the challenge of fitting three OSes in one LiveDVD.

Now I’m taking another shot. So far, this is my plan:

[ul][li]Host: Debian 7.4 x86 (network install plus xorg etc, and fluxbox) plus VirtualBox and dependencies; 1.66 GB.[/li]
[li]Tor Gateway: pfSense 2.1 x86 plus latest FreeBSD Tor port: 0.22 GB[/li]
[li]Whonix 8.1 Workstation: the best that fits in a 2.1 GB VM[/li][/ul]

I’ve written more on Wilders < What's needed is a LiveDVD like Tails, with Tor isolation like Whonix, and VPN clients too | Wilders Security Forums > that I won’t repeat here.

Some may object to using a pfSense VM in place of the Whonix Gateway. However, for a LiveDVD usable on machines with 8 GB RAM, the total uncompressed content must (as far as I know) fit in a 4 GB ramdisk. Given that, the total for Tor gateway and workstation is ~2.3 GB, and that’s implausible for two Debian VMs.

FreeBSD Freshports < FreshPorts -- security/tor: Anonymizing overlay network for TCP > is up to date (Tor-0.2.4.21). I’ve used torrc from Whonix 8.1, and almost everything seems to work with stock Whonix 8.1 Workstation. I don’t have ControlPort working yet. I’m guessing that it’s a permissions thing, with tor user being unable to do what it needs. I believe that it’s secure enough, with no outbound route from LAN, and LAN access blocked to everything except Tor ports. If anyone wants to test, I’ll provide either the VM or setup instructions.

Where I’m stuck is optimizing Whonix 8.1 Workstation in a VM that’s 2.1 GB or less. So far, I’ve built a Whonix 8.1 Workstation, terminal-only with no default apps. It’s just 1.5 GB, so I have 0.6 GB for a usable desktop. I was planning to go with minimal fluxbox, and that’s what brought me to this thread. Perhaps this should be a separate thread, but I’ll leave that to y’all.

I’ve tested the minimal Whonix 8.1 Workstation with a stock Whonix 8.1 Gateway VM, and it seems to do expected things such as checking Tor status, etc. Using wget, < http://check.torproject.org/ > tells me that wget is “configured to use Tor”. And so I’m guessing that everything needed to interact with the gateway is present. Is that correct?

I welcome advice about adding the best, most-usable desktop in 0.6 GB or less.

54

Update

sudo apt-get update && sudo apt-get dist-upgrade -y
sudo apt-get install xorg
sudo apt-get install xbase-clients
sudo apt-get install gksu
sudo apt-get install fluxbox

That increases the workstation VMDK from 1.5 GB to 1.8 GB.

Running “startx” loads fluxbox :slight_smile:

[fluxbox]
terminal
wget https://www.torproject.org/dist/torbrowser/3.5.4/tor-browser-linux32-3.5.4_en-US.tar.xz [24 MB]
tar -xvJf tor-browser-linux32-3.5.4_en-US.tar.xz
cd tor-browser_en-US
./start-tor-browser
“XPCOMGlueLoad error for file /home/user/tor-browser_en-US/Browser/libxul.so:
libasound.so.2; cannot open shared object file: no such file or directory:
Couldn’t load XPCOM.”
find / libasound*
“find: ‘libasound*’: No such file or directory”
aptitude search libasound

libasound2

sudo apt-get install libasound2
./start-tor-browser
“Congratulations. This browser is configured to use Tor.”

The workstation VMDK is now at 1.9 GB. I’d appreciate opinions about other key packages.

55

Correction: The VMDK is at 1.76 GB. I forgot to convert properly.

56

I suggest reviewing Whonix’s package list.

Technically meta packages, i.e. what packages to install, are configured in debian/control, see:
https://github.com/Whonix/Whonix/blob/Whonix8/debian/control

A justification / explanation, why package X gets installed can be found here:
https://github.com/Whonix/whonix-developer-meta-files/tree/master/package_documentation

Packages marked “## recommended” don’t have to be installed, maybe some packages marked “## dependency” could become “## recommended” after review and some if/then/else magic. (For example it wouldn’t be difficult to omit the vrms package for custom builds and with a little more code also for redistributable builds.)

However, I am buried in tasks, so I welcome help here.

As for how to create a minimal desktop environment, Occq and Cerberus have spent some thought here in this thread, I think.

57

When finally task https://github.com/Whonix/Whonix/issues/40 is done, I hope understanding Whonix’s internals gets much simpler. Also creating custom builds or Live DVD’s etc. should become much simpler, since then you can decide which of Whonix’s additions you like to use.

58

Yes, I’ve read those posts, and I am very curious about Cerberus’ Featherweight version.

59

Help ???

I have a minimal Whonix workstation VM with fluxbox. If I start it, and execute “startx” at the prompt, I get fluxbox.

How do I configure it so fluxbox starts automatically? I know that “startx” must appear in the relevant startup file, but I’m having no joy figuring out which one that might be.

60

Don’t know much about that stuff. However, I would guess, that stuff goes into.

Had a glimpse into TorBOX 0.1.3 source code, where we used openbox.

# startx automatically launches openbox and tint2 (taskbar)
echo " tint2 &
exec openbox-session" | sudo -u user tee ~/.xinitrc

So it looks like.

Works as well.

Perhaps put into ~/.xinitrc the following.

However, writing into /home/ is always a bit weird, unprofessional, problematic and should be avoided if possible. I don’t know if there is a way to configure autostart of fluxbox in /etc/ however.

Anyhow. As said earlier, when you manage to figure out a set of config files for a minimal desktop, I can do the Debian packaging.