Long Wiki Edit Thread

Ah okay - no worries. They take a while to filter to stable. I’m very keen to see it implemented, as your stuff will save a lot of time and is a major improvement.

That’s great. Yes please, go ahead and edit away. I’ve added you as a maintainer of the page (pending edits), since who am I to question the OnionShare lead mechanic :wink:

And thanks for all your efforts on the website. It is running smoother than I ever remember, all the errors seem to have disappeared, and the v3 onion seems to be available all the time now. A truly shocking combination compared to previous times, and I think it wasn’t just luck! Maybe new hardware also helped?

Also, a suggested News Forum topic (if you like @Patrick , I’ll post it)

A Callout to Whonix Cryptocurrency Users

Dear Whonix users,

Recently, members of the Monero community approached us in the Organization forum about ways in which we could collaborate together. [1]

The Monero community has a reputation for being passionate about privacy and there are a significant number of users who also rely on Whonix for their activities. With obvious shared goals and interests, a number of Monero community members quickly came forward and provided detailed, fully-functional instructions for Monero on the Whonix platform. [2]

The Whonix team would like to thank OSNF2P, thotbot, rehrar and others for their efforts and ongoing maintainer status of the Monero wiki page.

Based on this success, we would like to welcome members from other popular cryptocurrency communities such as Bitcoin, Ethereum and so on to step forward and improve the existing Whonix wiki sections that already exist, but which are either out-of-date or unfinished. [3]

The wiki badly needs the love of afficinados who want a win-win for both communities: working crypto instructions combined with a higher-security, virtualized platform.

Anybody who is willing to contribute can freely edit the relevant wiki pages and/or nominate themself for maintainer status.

References

[1] http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/monero-and-whonix-sitting-in-a-tree/5949
[2] http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Monero
[3] http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Money

3 Likes

Thanks! No new hardware yet, so that’s a nice surprise.

We have a strange bug on Phabricator (the comment field has disappeared in tickets) which I can’t figure out, otherwise yes, things are stable. I upgraded MediaWiki overnight too to address some security issues, as well as Discourse.

After the Debian .onion drama on the weekend, I’ve added some monitoring of the content of the Whonix .onion front page too.

3 Likes

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Update

Can be deprecated or deleted?

Why would Qubes-Whonix users need to manually configure the TemplateVM proxy (in Qubes R3.2?) as part of the “update”.

That is:

a) Should be already setup by users well before then either automatically at install; or

b) They would have already set this up when configuring Whonix the first time after manually downloading templates.

Since Qubes R4 is using Salt - doesn’t apply at all (normal update page is fine).

It only applies to Qubes R3.2, but I presume all the “preparation” steps can either sent to a separate “configuring sys-whonix as a ProxyVM” section somewhere (specific to R3.2), and the rest of the page is not needed (delete it), since it just repeats the same text as the update page (?) →

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Operating_System_Software_and_Updates#Updates

Mediawiki changes in progress:

1 Like

Let’s compare two pages.

a) mediawiki orignal:

  • The underline below a chapter is good?
  • right amount of space between chapter title and text?
  • right amount of space between chapters?

b) Whonix wiki:

  • too much space after title headline and next?

Finished!

1 Like

Yes to all questions. So if we can rip off and insert those wikipedia settings into Whonix, we improve the look and feel by 20% immediately.

I see someone also improved the Whonix wikipedia entry. It was very ordinary a couple of years ago.

Good job - useful having a full package list like that.

Should be repeated for Qubes-Whonix with only different packages noted?

Ditto KVM also (just any different packages)?

1 Like

torjunkie:

Yes to all questions. So if we can rip off and insert those wikipedia settings into Whonix, we improve the look and feel by 20% immediately.

Ok. Will add the mediawiki fixes

Should be repeated for Qubes-Whonix with only different packages noted?

Ideally would be useful but since there is no issue at the moment where
this information would help we can as well safe the time for it.

Ditto KVM also (just any different packages)?

No need. Same packages.

1 Like

Please include in Tor Browser docs:

As of Tor Browser 8.5 it 's possible to save per site JS settings across browser resets. Changes are lost if security slider changed however. This feature however is not recommended and considered dangerous as unique JS settings make a user stand out.

2 Likes

torjunkie:

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Update

Can be deprecated or deleted?

Better to keep. Qubes-Whonix update instructions may always differ a bit
from Non-Qubes-Whonix. Since the shared contents is already in a wiki
template

related:
cursory review of Qubes-Whonix 14 installation instructions · Issue #4112 · QubesOS/qubes-issues · GitHub

Some things don’t apply to Qubes but I never prioritized to fix (remove
from wiki template, move to virtualizer specific instructions)

    1. Restart Services After Upgrading - no need when shutting down
      TemplateVM anyhow
    1. Restart After Kernel Upgrades: no need when shutting down
      TemplateVM anyhow / Qubes is using dom0 kernel anyhow unless people
      follow VM kernel instructions (probably not much people)

Why would Qubes-Whonix users need to manually configure the TemplateVM proxy (in Qubes R3.2?) as part of the “update”.

I see. Removed.

1 Like

Fixed. Thanks for pointing it out.

Thanks. OK - Will get to that as well. I appreciate I have a little backlog by now, but should have some more time coming up.

2 Likes

@nurmagoz

I know you play with Firejail a lot. So Firejail from stretch-backports works for Debian VM (FF 62) in Qubes, but that “Gah! Tab Crash” thing still happens with Tor Browser in Qubes-Whonix using the same backports version?

Did you get it working? I was hoping to just put a footnote on our Firejail page that if the stable version doesn’t work, just install the backports version - but that’s not going to work apparently.

2 Likes

Was rejected.

I’ve been trying to find a solution for that. No luck so far.

No metalink .onions. Not a total loss. I’m now comfortable using .git. :slight_smile:

2 Likes

Pity.

Surfing, Posting, Blogging → Fixed (for full edit)

I think also that Bitmessage info on the Email page should go to a separate page (detailed instructions are too long there; all other entries are relatively brief and point to their own page if necessary).

Maybe Firejail from experimental repo might fix it? Didn’t inspect that yet.

1 Like

@torjunkie @0brand yeah sadly not supporting TBB only FF.

but you can copy/add the profiles manually:

https://github.com/netblue30/firejail/blob/master/etc/start-tor-browser.profile
https://github.com/netblue30/firejail/blob/master/etc/torbrowser-launcher.profile

3 Likes

Thanks - will edit Firejail page to note if stable version is non-functional, then:

a) Try backports version 1st.
b) In desperation, edit FJ profiles manually.

This is no big deal, since we basically suggest the same kind of thing when AppArmor profiles break Tor Browser in Whonix.

Also, whoever did those onionizing edits today is pointing to non-existent files in dom0? I am missing something i.e. these proposed edits won’t work since Marek chopped those commit changes, yes? @0brand (I assume it wasn’t you, since the wiki edits were not up to your usual standard)

1 Like

:wink:

I was going by these. I was not aware they were chopped. I already had my dom0 files edited with the commit chages.

https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/qubes-release/qubes-dom0.repo.in

https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/qubes-release/qubes-templates.repo

2 Likes

I was just following the edited instructions as they are written, and they are pointing to file(s) and talking about commenting blocks etc that don’t exist in my system.

Can we put you as maintainer of that page? In general, I think we are better off avoiding “comment this” “uncomment that” because too many steps = room for user errors (similar to old Bridge instructions).

Better for those sections is IMO:

  1. Edit this file.
  2. Cut and paste the following text (code select style)
  3. Save and exit.
  4. Check they are functional.

@nurmagoz

  1. Where are you editing those Firejail files for persistence?
  • Whonix-Workstation TemplateVM? (whonix-ws) @ /etc/firejail?

OR

  • Whonix-Workstation AppVM (anon-ws) @ /usr/local/etc/firejail?
  1. What about the tor-browser-en.profile? No edits required?

  2. Firejail uses the default FF profile, instead of Tor Browser one if you just run “firejail torbrowser” etc.

But, pointing to updated Tor Browser profile doesn’t seem to work e.g.

firejail --profile=/etc/firejail/start-tor-browser.profile torbrowser

“Error: cannot access profile file”

Same error if you try:

firejail --profile=/usr/local/etc/firejail/start-tor-browser.profile torbrowser

(or with sudo)

And same error if you try the other Tor Browser profile.

WTF. Manual says “absolute path to profile” and gives examples very similar to above. How do we get Firejail to actually launch using the amended raw github profile because it is fucking annoying…

1 Like

dom0 upgrade required to get updated files?

And then there is also the mess with the .rpmnew file extensions.
(Similar .rpmnew: How-to: Install Qubes-Whonix)