Long Wiki Edits Thread


Right. Yes, I recommend removing contractions where possible for clarity and a more professional style. I’ve added that to the documentation guidelines.

1) Bridges IPv6 note -> Fixed

2) https://www.whonix.org/wiki/Dev/Documentation_Guidelines -> Finished

3) Foxy Proxy (other browsers fingerprinting risk) -> Fixed.

Edited the text here: https://www.whonix.org/wiki/Tunnels/Introduction#Connecting_to_Tor_before_a_tunnel-link_.28proxy.2FVPN.2FSSH.29 and here: https://www.whonix.org/wiki/Template:FoxyProxy to read as follows:

When using a browser, connecting to Tor before a tunnel link worsens the web fingerprint. The anonymity effects of using the configuration: User -> (Proxy / VPN / SSH ->) Tor -> Proxy / VPN / SSH -> Tor Browser -> Website are unknown. How many people are likely to use a proxy, VPN or SSH IP in this manner? This setup is so specialized that probably very few are doing it, reducing the user pool to a small subset. Due to potential fingerprinting harm, it is recommended against. If proceeding despite the risk, the tunnel configuration should not be combined with any browser other than Tor Browser (e.g. Firefox, Chrome), due to an even greater browser fingerprinting risk.

So that it can be turned into a template as you suggested, and inserted into both entries accordingly.

BTW Blockquote now looks nice since fortasse fixed the text size!


4) Latest nightly build.

Tested the latest version I could find on the Tor servers. It is from 2 weeks ago (3rd April) -> but it is still running 45.8 ESR. Hmm… I thought it was the 52 ESR version that was meant to be in Linus’ folder by this late stage.

Anyway, that nightly seems to work fine.

Couldn’t find a binary anywhere else for the 52 version. I’m not up for building anything, so we can just see how the Alpha series goes when it is released in a few days time. I think it will be based on 52.1

The stable will still be based on 45.9, so it shouldn’t bork for the majority of users I suppose.

PS I see you’ve been very busy with “find” & “replace” functions :smile:



A few things…

https://www.whonix.org/w/index.php?title=Template:FoxyProxy&oldid=28943&diff=cur is a little off now.

I wonder if isn't -> is not mass replacement would be a great idea? Then the not is easily mentally skipped while reading. And I think we should value success rates understanding the documentation over form.


Always check the fingerprint for yourself.

I don’t think many users will understand that. What @HulaHoop probably meant to say is

yeah, you can see the fingerprint below, compare it, but also do your own research figuring out what the fingerprint is, don’t trust the wiki since it’s also only on a webserver over SSL or onion. (Not the same level of verification as gpg.) For best security, use the https://www.whonix.org/wiki/OpenPGP#The_OpenPGP_Web_of_Trust.

Could you reword that please? And then move it to https://www.whonix.org/wiki/Template:Gpg_fingerprint_verification since we are going to need that a few different places in the wiki? @torjunkie


Well, now you’ve opened a can of worms, you could probably do a mass find and replace for some or all of the following, depending on your level of energy:

  • isn’t -> is not
  • aren’t -> are not
  • don’t -> do not
  • doesn’t -> does not
  • haven’t -> have not
  • hasn’t -> has not
  • won’t -> will not
  • hadn’t -> had not
  • weren’t -> were not
  • wouldn’t -> would not
  • couldn’t -> could not
  • shouldn’t -> should not
  • can’t -> cannot
  • mustn’t -> must not
  • shan’t -> shall not
  • mightn’t -> might not
  • mustn’t -> must not
  • needn’t -> need not
  • oughtn’t -> ought not
  • daren’t -> dare not

Being careful not to overwrite instances in (block)quoted text throughout the wiki.

There are other contracted forms (believe it or not), but they probably aren’t in regular use in the wiki. Generally, formal language avoids contractions.

God English is a strange POS language. Did anyone tell you that editing is like diving down a rabbit hole? :wink:

RE: ProxyFoxy Template -> fixed (hopefully).

It seems to fit now with I2P and other entries in the wiki. Reverted most of the fingerprinting text.

I should have followed my own doc guidelines. ha.

Template:Gpg_fingerprint_verification -> Done. See what you think:

Before adding any foreign repository or software source, it is necessary to fetch the associated signing key (if available) and verify the fingerprint.

It is not safe to only rely on the Whonix wiki for confirmation of a key’s expected fingerprint. The reason is websites rely on fallible SSL or .onion architecture, which provides a lower verification standard than the OpenPGP implementation. Users should always check the fingerprint for themselves. In practice, this means:

  • Researching the expected key fingerprint from multiple, trusted Internet sources.
  • Explicitly checking the key fingerprint matches the expected output, before importing it or adding it to a trusted key-ring.

For the best possible security, users should always rely on the [[OpenPGP#The_OpenPGP_Web_of_Trust|OpenPGP Web of Trust]].


A post was merged into an existing topic: Qubes DispVM technical discussion




re Template:FoxyProxy

So far it’s perfect. Except the following sentence looks confusing to me:

A website test can be performed with one or more sites that normally block Tor IP addresses

At least in the context of where the template is being used.


https://www.whonix.org/wiki/Template:Gpg_fingerprint_verification looks great! Made some minor changes to it as well as to https://www.whonix.org/wiki/Template:FoxyProxy.

Will fix the contractions soonish.


Btw as always, please check my edits make sense. Having them audited is really great!

Two more Template:FoxyProxy nitpicks.


Note: FoxyProxy is one of the easiest methods to access the local web
interface to use proxies (e.g. to avoid website Tor IP bans), or to
enable other anonymizing networks like I2P.

  • (e.g. to avoid website Tor IP bans) seems out of context generally and out of context wrt to the previous sentence.
  • to enable other anonymizing networks like I2P - FoxyProxy does certainly not enable other anonymizing networks like I2P. Not sure what the original author wanted to say with that.


I think they meant: to access I2P with TBB


https://www.whonix.org/wiki/Dev/Documentation_Guidelines could use a small introduction

Similar to https://www.whonix.org/wiki/Forum_Best_Practices.

These are just some recommendations. Best practices. Not rules. Please do not go crazy about these.

Rather than setting the bar too high, it’s better to accept any contribution in good will and iterate on it later on.

And then that wiki page deserves it’s own forum thread or even blog post so contributors not following this huge thread or wiki changelog can actually see it exists.


Re: small introduction for documentation_guidelines. Added->

Note: These suggestions are recommendations for best authoring practices and do not constitute absolute rules. Whonix welcomes contributions from people who are willing to invest their time to help improve the wiki. Therefore, use this information as a guide only in the first instance.

Are you happy with the FoxyProxy template now? I just deleted that stuff you didn’t like. I can put in the “accessing other anonymizing networks like I2P” line again if you want.


Also consider for a mass find and replace:

  • DispVM -> DisposableVM
  • Disposable VM -> DisposableVM
  • Proxy VM -> ProxyVM
  • Net VM -> NetVM
  • App VM -> AppVM
  • Service VM -> ServiceVM


Note: This is for consistency and clarity e.g. DispVM is not recommended according to Qubes discussions.


https://www.whonix.org/w/index.php?title=Template:Qubes_AppArmor&oldid=28787&diff=cur has an issue. AppVM is not a synonym for TemplateBasedVM as per https://www.qubes-os.org/doc/glossary/ and previous discussions. (Since sys-whonix is a ProxyVM and should not be called AppVM. Was decided at Qubes to not overload the term ProxyVM. And since as per Qubes glossary, also a StandaloneVM can be an AppVM.)


https://www.whonix.org/w/index.php?title=Template:Qubes_NetVM_error&oldid=28702&diff=cur “If you receive” was right since it only seldom happens for few users. “Sometimes” sounds like everyone gets it once in a while. Could you specify that a bit please?


Most are either not do do or now done. :slight_smile:

As per https://www.qubes-os.org/doc/glossary/ there is DispVM but not DisposableVM.

So perhaps it should actually be DisposableVM -> DispVM? …what I don’t really like myself. Hm hard case. I actually disagree with https://www.qubes-os.org/doc/glossary/ using contractions. But it would have to be fixed in Qubes first before it can be changed in Whonix documentation.

Could you reference that please?


Actually, I am not sure about replacement of isn't -> is not. Even if more formal, I think the former is easier understood than the latter due to usage of not.


-> Fixed.

-> Fixed.

Ok. Great!

Sure (accepted github open issue) ->

No problem, we’re partying at your Whonix house, so we’ll follow your lead. :slight_smile:

And one more fix…

http://kkkkkkkkkk63ava6.onion/wiki/Grsecurity#How-To:_Qubes-Whonix -> Fixed (as per info below)

Even the kernel guru over at Qubes can’t get the 4.9 kernel with pvgrub2 VM to boot. Makes me feel a little better. :smiling_imp:

He gets the same error I did with the Debian-8 template.

So, this can be written off in the grsec instructions until this issue is solved. I’ve changed the text in the grsecurity wiki entry to reflect this.

That is, people should only run the latest available 4.8 coldkernel branch (4.8.17), or maybe use the Debian 9 template for 4.9 coldkernels (which I know this same poster has previously gotten working, according to Qubes Users forum threads I’ve seen).

Dependencies aren’t a problem anymore since the needed updates have passed to the stable Qubes repos since the update yesterday.


https://arxiv.org/pdf/1703.02874v1.pdf could use a little promotion. Do you think you could write a small summary and post this in the Whonix blog?