Long Wiki Edit Thread

sheep · May 15, 2019, 5:19am

The issue of burdensome and repetitive instructions on a single page regarding the different ways to edit a text file was discussed before. I was recently surprised to find this taking place even on the KVM installation instructions page.

I would like to suggest the following be added to the top of every guide-style page that requires editing text files:

Editing text files
In this guide [/page] we use nano [optional: link to a very quick guide, added below] as a text editor. If you prefer a graphical editor use mousepad (on XFCE) or kwrite (on KDE).
For example, instead of:

nano filename [or always sudo nano?]

use

kdesudo mousepad filename

Then, all the instructions throughout the page will only use nano instead of the repeated clause "if you are using… then… ".

To make things more friendly I wrote the following “very quick guide” mentioned above (should appear on a dedicated page, containing only that):

Nano is a popular and simple text editor in Linux. Basic usage:

Open the file for editing by typing in terminal:

nano filename

If the file was created by root, we need to use sudo to get proper privileges:

sudo nano filename

If you try to edit a file that does not exist, nano will create the file.

Essential keyboard shortcuts:

To save: CTRL-O
To Exit: CTRL-X
Moving the cursor is done using the arrow keys or Page Up and Page Down. Mouse click does not move the cursor.

More keyboard shortcuts:

To delete a full line: move to that line, then press CTRL-K
To search: press CTRL-W, then type the text you wish to find, then ENTER.

Formatting can be improved of course.
More can be added, but I think it’s unnecessary. Better keep it short. Even the search function is probably not required for the tasks users are expected to follow throughout the guides. We may add:

For the complete features, type

man nano

nurmagoz · May 15, 2019, 11:29am

Yes if we talk about stable which is stretch then that might be still working , but im using now buster and testing it with vbox-whonix-15. so instructions for e.g which doesnt work like

virsh -c qemu:///system net-define Whonix-External.xml

It says:

error: failed to get network ‘Whonix-External’
error: Network not found: no network with matching name ‘Whonix-External’

This one i faced in buster , i dunno if something changed as well in stretch.

torjunkie · May 17, 2019, 9:14am

No problem. BTW I forget why the v3 onion Whonix download links were removed form the relevant template(s)?

I saw someone (not me) editing KVM instructions talking about this exact naming issue (and name change) recently? Didn’t look closely, but something about Whonix (or external?) being dropped from network name.

nurmagoz · May 17, 2019, 10:32am

I dunno if thats the case then again wiki instructions must be updated to solve this issue.

HulaHoop · May 22, 2019, 5:23am

This ticket has some nice resources for testing screen resolution leaks from Tor Browser.

Where can I add this?

Patrick · May 22, 2019, 4:31pm

Browser Tests - Whonix fits and add a link from Tor Browser Advanced Topics too?

Patrick · May 22, 2019, 4:41pm

torjunkie · May 23, 2019, 9:25am

@Patrick

1. The second, extra Whonix-WS firewall wiki info went MIA? Is it deprecated / no longer under development? If so, there are a few references to it here and there that need to be removed from wiki e.g.

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/System_Hardening_Checklist#Whonix_.E2.84.A2_VM_Security

Consider enabling the optional (extra) Whonix-Workstation ™ firewall.

2. Also this recommendation in the “Expert” section - what about Coreboot? Should we add it - did anyone ever get Whonix running on it? (never tried - way, way too hard ) cc: @madaidan

Libreboot is a free, opensource BIOS or UEFI replacement (firmware) that initializes the hardware and starts the bootloader for your OS.

Patrick · May 23, 2019, 9:26am

It is default enabled for a while now.

torjunkie · May 23, 2019, 9:27am

Ah okay - will fix that here and there in the wiki.

Patrick · May 23, 2019, 11:02am

Could you please document

clock-random-manual-cli (see man clock-random-manual-cli)
and clock-random-manual-gui?

It’s there since Whonix 14 already but never documented. It is supposed to be used in case sdwdate is failing.

madaidan · May 23, 2019, 4:24pm

I’ve never tried Coreboot/Libreboot as it’ll probably brick my motherboard. I would recommend against Libreboot though as
it allows no proprietary firmware at all. This means no microcode updates which are pretty important for security.

0brand · May 24, 2019, 3:59pm

It doesn’t look like forcing onion with HTTPS Everywhere user rule sets is possible with the current version which is 2019.5.13. Or at least it can’t be done using these instructions.

https://whonix.org/wiki/Forcing_.onion_on_Whonix.org#Adding_User_Rules

I am able to copy over my user rule sets from an earlier Tor Browser/HTTPS Everywhere version. (works OK). However, unless someone has an idea, this part of the forcing onion docs should be deprecated imo.

torjunkie · May 26, 2019, 2:50am

@Patrick

Please do a mass find-replace for “->” and use the HTML right-hand arrow instead:

→

which looks much better.

What do you think @HulaHoop ? remove? (if mere mortals can’t achieve it & no microcode updates available)

HulaHoop · May 26, 2019, 4:22am

Yeah please recommend against libreboot and the reason why (hopelessly impractical becuase firmware blacklisting), also keep a note on Coreboot for those who might want to buy systems that have it by default like Chromebooks or maybe they would want to research how to flash it onto the handful of refurbished boards out there that support it.

Patrick · May 27, 2019, 10:20am

Done.

torjunkie · May 30, 2019, 8:56am

Thanks, will fix that.

Thanks, looks much better

Confirmed that these instructions don’t work (as you pointed out already):

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Onionizing_Repositories#Onionize_whonix.list

(x2 on that page)

sudo whonix_repository --baseuri http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion --enable --repository stable

whonix_repository unknown option: --baseuri

The only thing I couldn’t remember in those edits was whether it must be tor+http for whonix sources list, or just http.

(Or maybe you already modified the code block by default to have the onion available just by uncommenting - don’t remember, was a while since I played with whonix sources)

Patrick · June 1, 2019, 12:47am

Thanks for pointing that out. Room for improvement here.

As a general rule:
When using apt-get and .onion one should always be using tor+http whether inside or outside of Whonix. Non-critical (as per footnotes in link below).

I added that to Essential Host Security but it may still not be clear enough.

Also Essential Host Security might not be perfect placement and also interlinking with Onionizing Repositories is missing.

Having learned that, pointing out tor+http on Onionizing Repositories might be useful too?

When using apt-get and .onion one should always be using tor+http whether inside or outside of Whonix. Non-critical (as per footnotes in link below).

That said, we might be missing tor+http in various places on Onionizing Repositories and even in (Qubes) source files?

Patrick · June 1, 2019, 7:42am

Wiki History - template deprecation isn’t ideal. If tor+http doesn’t work on plain Debian, then we need to update the instructions for plain Debian. The fix would be “install apt-transport-tor beforehand” most likely. tor+http isn’t developed by Whonix, apt-transport-tor implements it. Could you revert that please?

torjunkie · June 1, 2019, 11:06pm

Will fix that.

In that apt-transport-tor stuff, I had also changed one of the weird onions (earth… .onion) to the proper Debian security one? Check that was correct also.

BTW Can Whonix builds etc. borrow any settings from this hardening list?