Current Whonix flaws and implementation musts for Whonix 2.0

And lastly, I would like to add that one of the tools in the NSA leaks was specifically targeting BusyBox and Alpine, but I guess they also now have tools for Debian, so it's kinda irrelevant but worth noting.

I noticed an error in the Alpine wikipedia you sent:

“end-to-end signed packages (not only repository metadata) (such as end-to-end signed .debs

This comparison makes no sense, as you cannot sign large files; you can only sign the file's hash (metadata).

That’s a bold claim. Do you have any proof?

NSA and CIA leaks mentioned a VLC backdoor.

Vault 7 leaks.

Debian has valid-until which notices indefinite freeze attacks and prevents replay attacks.

Good to add to the comparison table. Criteria for Choosing a Base Distribution

Threat models usually include malicious / compromised mirrors and broken TLS.
TLS has many issues. → Transport Layer Security (TLS)

Large files can be signed for example with gpg. For example Whonix-CLI-16.0.8.2.ova is a large file. 1 GB+. And Whonix-CLI-16.0.8.2.ova.asc is its signature.

Not Wikipedia. Whonix wiki. Not the same.

Only wikipedia.org can be called Wikipedia, which is based on the MediaWiki webapp. The Whonix wiki is also based on MediaWiki.

1 Like
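As an added illustration of the Valid-Until point in the reply above (example code, not anything from the Debian or Whonix projects): a small checker over a constructed Release header that classifies repository metadata the way apt's Acquire::Check-Valid-Until logic does, flagging an expired window (a frozen mirror or a replayed old file) and metadata that carries no Valid-Until at all.

```python
"""Added example: spot frozen or replayed Debian metadata via Valid-Until."""
from datetime import datetime
from email.utils import parsedate_to_datetime

# Constructed sample of the clear-signed header part of an InRelease file.
SAMPLE_RELEASE = """\
Origin: Debian
Label: Debian
Suite: stable
Codename: bookworm
Date: Sat, 10 Feb 2024 10:00:00 UTC
Valid-Until: Sat, 17 Feb 2024 10:00:00 UTC
Architectures: amd64 arm64
"""

# Same header with the expiry stripped: a mirror that wants clients to keep
# accepting one snapshot forever would prefer this shape.
SAMPLE_NO_EXPIRY = SAMPLE_RELEASE.replace(
    "Valid-Until: Sat, 17 Feb 2024 10:00:00 UTC\n", "")


def parse_release_fields(text):
    """Return the 'Key: value' header fields of a Release file as a dict."""
    fields = {}
    for line in text.splitlines():
        if line and not line[0].isspace() and ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def check_valid_until(release_text, now_iso):
    """Classify metadata as seen at now_iso (ISO 8601 with a UTC offset).

    'expired' covers both a freeze (the same file served past its window)
    and a replay (an old but genuinely signed file served again).
    """
    fields = parse_release_fields(release_text)
    if "Valid-Until" not in fields:
        # A signature alone cannot bound how old metadata is; nothing for
        # apt's Acquire::Check-Valid-Until to enforce.
        return "no-valid-until"
    now = datetime.fromisoformat(now_iso)
    valid_until = parsedate_to_datetime(fields["Valid-Until"])
    issued = parsedate_to_datetime(fields["Date"])
    if valid_until < issued:
        return "malformed-window"
    if now > valid_until:
        return "expired"
    return "fresh"
```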

GPG, when signing files, signs only the hash, not the file; this is true for all ciphers, curves and RSA. You cannot sign a file larger than the key size; for example, a 4096 key can only sign files 4096 big max.

“(GPG) digital signatures combine a hash with a cryptographic process which ensures not only the integrity of the signed message (file, mail, …) but also the authenticity of this message. By means of these digital signatures (usually asymmetric cryptography), you can be sure that the content you checked has not been tampered with and has been issued by the owner of the key (who has access to the private key).”

Yeah, it's a typing mistake, sorry, English is not my first language.

There will probably be way too many disagreements that I can foresee. Therefore I think your conditions cannot be met.

In case that isn’t an issue… Due to the huge extent of changes you’re suggesting, it would be helpful if you’d establish a history as a contributor first. As mentioned, for the wiki, improving Criteria for Choosing a Base Distribution would be good, or a small non-controversial code contribution, bugfix, patch, feature.

Otherwise I think this forum thread has a high chance to result in a lot of discussion but no actual improvements.

1 Like

Alright, I just meant I could provide a “sample image” of how Whonix should look, and you could develop Whonix 2.0 based on that.

And yes, I will try helping with things. Doesn’t the sdwdate NTP client need a write? I could do that.

Yes but something smaller that needs little to no discussion would be better to establish a history as a contributor as a first time contribution.

1 Like

Alright, I already submitted a Whonix wiki edit related to the “end-to-end” signing comparison table; I removed it because it doesn’t make sense, as when you sign files you actually sign the hash.

I actually don’t agree to that either. Signing the hash, perhaps but that’s getting into semantics. But signed debs… Well, see end-to-end signed debs. debsign, debsig and dpkg-sig. It’s about end-to-end signed packages (or hashes of these packages). Therefore shouldn’t be deleted from the criteria without replacement.

It might also be worth creating a Whonix wiki page related to VLC and including info about the fact that a backdoor was mentioned in the CIA Vault 7 leak.

(ignoring the fact that it is included by default in Whonix, hmm)

Also, stating that a video player is not needed and users should use Tor Browser as a video player might be worth mentioning, or just removing VLC altogether from default builds; if someone wants VLC he can install it normally via the terminal.

For making huge negative claims such as “xxx is backdoored”, if it’s not a well-known fact that can be trivially verified with search engines, it always helps to add weblinks to authoritative sources (research papers, news reports, originals) as well as short, specific citations which make that point.

1 Like

OK, on WikiLeaks you can download the Vault 7 leaks and read documents regarding CIA cyber attack tools; in one paper it mentioned a backdoor in VLC (without mentioning how the backdoor actually works).

The wiki does not mention VLC but the paper did. I don’t have a direct download for Vault 7, but I’m sure a quick search will give you some good torrents for download.

(I’m not making claims it’s in the document; also, I don’t think that if something like VLC is backdoored by the CIA you would be able to “trivially find it via search engines”, but that’s just my only claim lol)

That’s a huge release.

The burden of proof is on the one making the claim. So before adding it to the wiki, we need much more specific evidence and cannot just write “somewhere in vault 7 go look for a torrent somewhere”.

Also VLC backdoor. Perhaps a vulnerability? Backdoor is a big word. I think if there would have been a backdoor in VLC, that would have been in mainstream news as well as that backdoor would have been analyzed by the security community who would have jumped onto it. Would be easily found on search engines.

1 Like

Yeah, I agree on this.

I think I got the documents downloaded somewhere; I will read it again and provide the paper that mentions it, but it might take some time.

Could be; from what I remember they kept details vague, and it wasn’t just VLC, a bunch of other software that the wikipedia does not mention, or it would be a book.

Just to provide some insight into the VLC and Vault 7 situation, this is the press release the VLC devs released on their site at the time. https://www.videolan.org/press/PR_CIA_Vault7_VLC.pdf

“number of glaring security holes”, I waited 3 days to respond because of the title and the first line, but let’s try again.

The number of security holes is what can’t be dealt with because of the lack of contributors, so instead of starting with the security holes claim, start with the improvements you can make to the Linux insecurities.

I recommend you start by reading this thread Fixing the Desktop Linux Security Model - #2 by madaidan

Also, if you want any of this to be done, start a thread per topic, use this thread as a meta thread to reference others, this way we can discern what is improving and what has not been developed yet.

Changing distro is probably the last thing to be done of these points because it is the most difficult, as it requires:

  • changing from debian packaging to alpine packaging
  • less compatibility, have you tested the default desktop apps available by default on Alpine?
  • updating the Wiki when related commands apt and dpkg should be changed accordingly to apk

Because of the above points, if you want Whonix on Alpine, then it should be the last thing to be done, as it is already much work on itself.

See other threads about switching to alsa adrelanos mentioned above.

Unfortunately used by many applications, maybe not something that can be fixed on debian, so if it is ever switched to Alpine, then this wouldn’t be a problem I expect.

No opinion.

Doas does not work on most Linux distros; it works 100% only on OpenBSD, and on FreeBSD and NetBSD with some modifications. But on Debian the persist/timeout does not work successfully: https://salsa.debian.org/debian/opendoas#peristtimestamptimeout

So if switching to Alpine, I assume this is not a problem either?

Anyway, doas does not ship with vidoas and doasedit, which are comparable to visudo and sudoedit, but this repo has that to help: GitHub - slicer69/doas: A port of OpenBSD's doas which runs on FreeBSD, Linux, NetBSD, and illumos, an unofficial port.

See many other threads: XFCE is not ready, and if it requires a different environment, then that also has to be ported.

more secure package manager

You must back up your claim if you want it to be really considered.
Does Alpine have onionized repositories?
Does Alpine have a way to deal with onionized repositories safely, like what is done with apt-transport-tor, which blocks non-Tor connections when attempting to reach onion repos and is prefixed with tor+REPO in the sources list?

Musl which is more secure than Glibc

Base problem again: we can’t rebuild every package to use musl, it needs to come from the base distribution.

Not true, even switching to Ubuntu poses challenges. Also, your claims do not have backup.

technical challenge as alpine has plenty of packages

Plenty, what does that mean? Does that mean it has everything to build Whonix? IDK, you are making that claim and should test building whonix applications on alpine.

used by professional companies and is not amateur project

For servers, containers and very recently for desktop, but you didn’t mention that. Also, Debian is present in most VPS and has decades of existence and many forks. Alpine is very amateur on the desktop and has a very small userbase; try searching for help for Debian compared to Alpine. Whonix forums can’t answer everything and sometimes we have to let the users debug by using search engines; this is not gonna be a reality if Alpine help is difficult to find.

Meet current Whonix MAC GitHub - Kicksecure/apparmor-profile-everything: deprecated - maybe replaced by: `apparmor.d` and Sandbox GitHub - Kicksecure/sandbox-app-launcher: An app launcher to start apps in a restrictive sandbox https://www.kicksecure.com/wiki/sandbox-app-launcher
Read the Whonix documentation about them; some things are not working and you could improve that if you’d like.

Technical challenges: a Debian default install doesn’t have that either, you only choose your Desktop Environment and your enabled servers such as SSH. If that is done, an image is not ready when shipped. I don’t use most apps, and not on the same VM, but Whonix tries to ship applications by default.

About “VLC backdoor”, already replied by adrelanos.

About the difficulty of this issue, you will need to learn to build Whonix to test that.

Strongly disagree: the connection wizard is important to set up bridges, proxy etc. before the Tor connection starts. There is a whole design for this to not simply connect directly on the first boot, but to set up the connection first. Tails also has this setup.

Unlike any debian distro ever? Setting random password? How is the user gonna do privileged actions? Even if the password is shown in the first boot, the user should choose the password, not be randomly generated. If they want that, they can do via pasting a password manager password.

Same as replied above about Alpine.


Overall, start with small tasks, without accusations, with questions, presenting sources to back up claims. Read other threads; most of the things you said were already discussed before and have problems which are obstacles that maybe you could overcome.

Security is not black and white.
Less code does not mean better code.
Less code does not mean better security.
Less code does not mean better auditability.
Those things are probably said in line of: “this code is more secure because it has less lines therefore it is easier to audit and more secure”.

BSDs are also minimal, but are enough people auditing them for bugs to be discovered? Using your arguments, Netflix uses FreeBSD; does it make a good choice of distro? If the distro is so minimal that people do not give attention to it, it is not audited enough at all.

This is incomparable.
Qubes is a Xen hypervisor; Whonix can run on Qubes. Two very, very different things.
Tails is dedicated to amnesic purposes; its Tor implementation is prone to leaks through the transproxy, and running Tor on the same machine is already less secure than Whonix.

1 Like
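To make the apt-transport-tor point in the reply above concrete, here is an added example (not Whonix or apt code) that audits a constructed sources.list for onion repositories that are not prefixed with tor+, which is the misconfiguration that transport refuses to serve; EXAMPLEONIONADDRESS.onion is a placeholder host, and require_tor extends the check to a "everything over Tor" policy.

```python
"""Added example: lint sources.list entries for onion repos lacking tor+."""

# Constructed sources.list; EXAMPLEONIONADDRESS.onion is a placeholder host.
SAMPLE_SOURCES = """\
# clearnet mirror over plain http (signed metadata, observable transport)
deb http://deb.debian.org/debian bookworm main
# onion mirror fetched through apt-transport-tor: the intended form
deb tor+http://EXAMPLEONIONADDRESS.onion/debian bookworm main
# onion mirror WITHOUT tor+: apt would try to resolve a .onion name outside
# Tor, which fails or leaks the lookup to the local resolver
deb http://EXAMPLEONIONADDRESS.onion/debian bookworm-security main
# an [options] block before the URI must be skipped when parsing
deb [arch=amd64 signed-by=/usr/share/keyrings/placeholder.gpg] http://EXAMPLEONIONADDRESS.onion/debian bookworm main
deb-src tor+https://deb.debian.org/debian bookworm main
"""


def iter_source_uris(text):
    """Yield (line_no, uri) for active deb/deb-src lines, skipping [options]."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0] not in ("deb", "deb-src"):
            continue  # blank line, comment or unrelated text
        idx = 1
        if idx < len(parts) and parts[idx].startswith("["):
            while idx < len(parts) and not parts[idx].endswith("]"):
                idx += 1
            idx += 1  # step past the token that closes the options block
        if idx < len(parts):
            yield line_no, parts[idx]


def audit_sources(text, require_tor=False):
    """Return (line_no, finding) pairs for transport problems.

    require_tor=True additionally flags clearnet repositories not using tor+,
    for systems whose policy is that all apt traffic goes through Tor.
    """
    findings = []
    for line_no, uri in iter_source_uris(text):
        scheme, sep, rest = uri.partition("://")
        if not sep:
            findings.append((line_no, "unparseable-uri"))
            continue
        host = rest.split("/", 1)[0].lower()
        via_tor = scheme.lower().startswith("tor+")
        if host.endswith(".onion") and not via_tor:
            findings.append((line_no, "onion-without-tor-transport"))
        elif require_tor and not via_tor:
            findings.append((line_no, "clearnet-repo-not-over-tor"))
    return findings
```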

To add to this, less code means easier to audit as less things to be read, but does not mean it was written better in less lines nor easier to read if it is not clean code nor that is audited at all because the project is disregarded.

1 Like

Yes. Excellent. Thank you! @nyxnor

Good guidance. Way too many topics for one forum thread. And too much discussion, too little action.

To add to this:

The confrontational, revolutionary approach, “let me tell you all the things which are wrong and do as I say”, most likely won’t work with any established project.

What does work, however, is an incremental, evolutionary approach: a stream of small enhancement contributions. For example, recently there have been a number of security enhancements contributed to security-misc.