Long Wiki Edits Thread

Thank you for your great diligence in this wiki-wide review! :slight_smile:

1 Like

Haven’t tested since mixmaster is kicked out from Debian. Anything nym/re-mailer dependent needs mixmaster so it’s OK to cross out/deprecate.

2 Likes

2 posts were merged into an existing topic: Voip / Jitsi / Mumble

1. Our Qubes-Whonix documentation also has this problem:

Fix references to “ProxyVM” in docs

In 4.0, the term “ProxyVM” has been deprecated. (See here, linking to here.)

However, it is still used many times in the docs.

$ cd qubes-doc
$ grep -ir ProxyVM . | wc -l
49

The docs should be revised to reflect the more flexible architecture: instead of a whole category of vms (a qube is a ProxyVM), the new property describes an action a qube might do (provide networking).

I think we’ll want to take each instance on a case-by-case basis. In some of these cases, we might want to allow the term “proxy VM” (or something similar) to refer colloquially to the notion of a VM which provides network service to another (that is, a VM with property provides network).

2. As per @nurmagoz's recommendation, I gather you’d agree the FTP page should instead focus on SFTP i.e. secure file transfer via SSH.

Looks safer (less port/firewall opening etc.), later protocol, less installation and so on.

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. It runs over the SSH protocol. It supports the full security and authentication functionality of SSH.

SFTP has pretty much replaced legacy FTP as a file transfer protocol, and is quickly replacing FTP/S. It provides all the functionality offered by these protocols, but more securely and more reliably, with easier configuration. There is basically no reason to use the legacy protocols any more.

SFTP also protects against password sniffing and man-in-the-middle attacks. It protects the integrity of the data using encryption and cryptographic hash functions, and authenticates both the server and the user.

2 Likes

That would be interesting to have. But since no users showed interest in this subject and since not very or not at all specific to Whonix, I don’t think I’ll document it. Contributions welcome. Among the fascinating stuff: rsync / ssh / sshfs / sftp over clearnet / over Tor / over onion

Plaintext FTP is still slightly interesting. Original reason for documenting plaintext FTP was some user asking about it years ago. Some public servers used to allow only download over plain FTP. Dunno if there are still any. Very unpopular subject. I don’t recall anyone asking about FTP for years. Therefore this can be buried in advanced or even esoteric documentation. I don’t really want to delete it entirely because if someone asks for it in a year I won’t recall it and not find it in any archive either. Hope that’s reasonable.

1 Like

5 posts were merged into an existing topic: Onion forum site redirects to clearnet

1. Re: YaCy

In our wiki installation instructions:

Basically, unsafe install instructions work i.e. substituting openjdk-11-jre-headless:

sudo apt-get update
sudo dpkg --configure -a
sudo apt-get install -y openjdk-11-jre-headless
wget http://latest.yacy.net/yacy_v1.922_20191013_9964.tar.gz
tar xfz yacy_v1.922_20191013_9964.tar.gz
cd yacy
./startYACY.sh

Then making the Tor Browser about:config changes noted on that wiki page. Unsafe working instructions are better than non-functional ones, right?

But this begs the question as to why bother running a server on port 8090 when you can just use the decentralized search function straight via a portal anyhow i.e. here? →

https://search.yacy.net/

2. GNUNet

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/GNUnet

  • Instructions not finished
  • Nobody asked about it ever that I remember
  • Main ToC should be working instructions that are useful, not pipedreams that might be ready a decade later (since GNUnet has been in development for two decades plus already)

So we should probably shift it to the Advanced Documentation page. If you agree, I’ll move it there.

3. For all the wiki pages on the main Documentation page that don’t have a thumbnail right now (logo etc.), how about I add the associated Libre page image as a thumbnail for each (top right-hand side), so they look “pretty” instead of just starting off with ugly, plain text.

4. The language page system section (not Tor Browser) seems focused on KDE? Outdated, non-functional?

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Language#System

5. Do we need to do a find replace for “kdesudo” instructions and replace with suitable command (outdated?) e.g.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Anon_Connection_Wizard#Run_Anon_Connection_Wizard

If you are using a terminal Whonix-Gateway ™, type.

kdesudo anon-connection-wizard

1 Like

Probably gpg keyserver issue. I could swear we had a wiki template for that? We have various wiki templates. Ideally keyserver avoided and downloading the key from website.

Why would openjdk-11-jre-headless be unsafe? Perhaps unsupported upstream but unsafe? Possibly, I guess if a higher/unsupported version number might introduce security issues with the old code?

As long as pointed out with our usual warning box it can be done.

Indeed. The only motivation might be to support the yacy network or to be adamant about hosting one’s own or some other perk which I am not aware that a local installation brings.

Sure.

OK.

KDE stuff can be moved to /Deprecated or even deleted.

That is nowadays:

lxsudo

Can be used as drop-in replacement for kdesudo.

1 Like

Tor vs. Proxies, Proxy Chains and VPNs -> Fixed

2 Likes

new wiki page:


Would it help if I get into the habit of writing changelogs in the wiki to save you some work? Because it seems far easier to write in wiki and copy over to forums (will automatically translate the html to forum markup) than manually re-create mediawiki markup.

1 Like

1. Is the Keyboard Layout page sufficient/meant to cover off users who are entering characters other than English e.g. Japanese, Korean, Chinese etc?

If not, then we need to add an “Input Method” section there (or on the System Language page?) re: changing the input method. I see normally the recommendation is to install & configure i-bus after having installed the necessary fonts for that particular language.

2. Re: Tor Browser language

I tested the Config File method of changing language in Tor Browser (Japanese test) and it didn’t do anything. i.e. saved config file to TB_LANG="ja", downloaded Tor Browser again, still presents in English.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Language#Config_File_Method

However, the about:preferences method I just added works correctly. It is easy and it doesn’t make sense to me why somebody would need to download a different binary re: language localization if they can just search for additional language in preferences, set it, and restart Tor Browser within 30 seconds?

1 Like

Well playing with ibus and ibus-setup gets multiple language input working e.g. Russian, Persian, Catalan characters etc. with no issues.

But Japanese seems a bit difficult to work out for some reason (probably Korean & Chinese will also give me the same grief i.e. need some special fonts installed or something)…

Re: YaCy

It is currently impossible to securely install YaCy. After:

  1. Saving the key (manually, not recv-keys which doesn’t seem to work anymore with any keyservers - blocking Tor?)
  2. Verifying fingerprints
  3. Importing the key
  4. Adding the YaCy repository (yacy.list)
  5. Running sudo apt-get update

The following error appears which was reported in 2017 (and still not fixed) - “release not signed”:

W: GPG error: http://debian.yacy.net ./ Release: The following signatures were invalid: 8BD752501CB62448A30EA3EA1F968B3903D886E7

Meaning only an unsafe install is possible.

1 Like
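
Added example, not part of any post in this thread: a shell check that treats the `W: GPG error` line quoted above as a hard stop, since `apt-get update` can finish with only a warning. The sample output is constructed around that quoted line, and the function names are illustrative.

```shell
#!/bin/sh
# Fail closed when `apt-get update` output reports a repository signature problem.
# Real use (assumption): out=$(LC_ALL=C sudo apt-get update 2>&1)

# Constructed sample output; the W: line is the one quoted in the post above.
SAMPLE_OUTPUT='Hit:1 http://deb.debian.org/debian buster InRelease
Ign:2 http://debian.yacy.net ./ InRelease
W: GPG error: http://debian.yacy.net ./ Release: The following signatures were invalid: 8BD752501CB62448A30EA3EA1F968B3903D886E7'

# Print "<repo-url> <reason>" for every GPG error line in the given output.
gpg_errors() {
  printf '%s\n' "$1" |
    sed -n 's/^W: GPG error: \([^ ]*\) .*Release: \(.*\)$/\1 \2/p'
}

# Print the 40-hex-digit key fingerprints named in GPG error lines.
failed_fingerprints() {
  gpg_errors "$1" | grep -oE '[0-9A-Fa-f]{40}' | tr 'a-f' 'A-F' | sort -u
}

# Return 0 only if the output has no GPG error for repository URL $1.
repo_verified() {
  if gpg_errors "$2" | awk -v r="$1" '$1 == r { bad = 1 } END { exit !bad }'; then
    return 1
  fi
  return 0
}

# Demonstration on the constructed sample; a real install script would stop here.
if ! repo_verified "http://debian.yacy.net" "$SAMPLE_OUTPUT"; then
  echo "not installing: signature check failed for key(s):" >&2
  failed_fingerprints "$SAMPLE_OUTPUT" >&2
fi
```
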

OK - YaCy page and Input Method for Language page -> Fixed.

That commentator in the developer forum is correct re: XFCE in how it is referenced. The Xfce homepage references it everywhere as ‘Xfce’. Do you mind doing a find replace for the wiki documentation please?

1 Like

Not easy because downloadable images have -XFCE and -CLI appended.

1 Like

This addition (not approved) was blogged about by Bruce Schneier and has other supporting references which prove big companies are doing port scanning on a regular basis.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Data_Collection_Techniques&stable=0&redirect=no

Also note companies like LexisNexis use this to track users across the web with “True Location and Behavior Analysis” - readers should be aware of it since it is a novel tracking threat that almost nobody knows about.

2 Likes

2 posts were merged into an existing topic: SecBrowser: A Security-hardened, Non-anonymous Browser

I think in http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Air_Gapped_OpenPGP_Key

you want to use this command:

gpg --full-generate-key

and not:

gpg --gen-key

Because the former gives you the full list of options i.e. keysize etc. whereas the latter command doesn’t.

Is everything else there up-to-date, or do you want me to run through the steps to check it all still works? I see the wiki output shows (ancient) v1.4.15 output, but the latest version of GPG is 2.2.12.

1 Like

1. http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Donate

You might want to remove this part due to recent slander: “…journalists such as Micah Lee,…”

2. Please approve this page which still has 0brand as maintainer (and only remaining page on main ToC without a thumbnail):

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=Multiple_Whonix-Gateway&stable=0&redirect=no

1 Like

Feel free.

That page was created in 2013. Nowadays I am less excited about OpenPGP. GnuPG upstream makes in my opinion weird choices regarding backwards compatibility and defaults.

https://www.whonix.org/wiki/OpenPGP#Issues_with_PGP

That page could be considered more of a blog. Valid when it was written. Hard to sign up to keep this perfect and up to date for a lifetime. Nowadays to be seen in the context of when it was written. For advanced users probably still useful as is. Nowadays I have much less time for such side projects. If someone finds that idea still great and wants to sign up improving it, sure thing. :slight_smile:

1 Like