Long Wiki Edits Thread

New wiki chapter:
Onion v2 Deprecation

new wiki page:

made a change with the installation command and i added apparmor-utils because it doesnt come by default with debian and without it “aa-enforce” command is not there.

1 Like

Great. Reminded me to update chapter AppArmor Notifications and document apparmor-notify.

new wiki chapter:
Tor Generic Bug Reproduction

Moved all discussion duplicated in this forum thread exclusively here:

New wiki page:

(Similar to:

)

Updated:

4 posts were split to a new topic: Debian bullseye port

I gather Kicksecure doesn’t have an official logo yet?

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Kicksecure

How about a News post requesting interested designers come up with one and they can be attributed as the designer forever more? The post can be modeled on the one where you asked for Whonix logo redesign ideas.

Also, I think you mentioned recently that you were slowing down with Tor releases in Whonix. However, the latest Tor stable is now up to 4.6.6 (or thereabouts), so I wonder if that decision will be reviewed?

1 Like

new wiki page:

Indeed.

I am wondering if it’s better to wait until the kicksecure.com domain is ready. It’s done but hidden behind http simple authentication. Otherwise that would confuse search engines.

Rewriting the whole wiki though to remove anonymity aspects and make it security only is a big effort and progress is slow unfortunately.

What I’d like to avoid is anyone confusing Whonix vs Kicksecure.

Could you review Account and Mobile Security: Difference between revisions - Whonix please? @HulaHoop

1 Like

Good. Approved.

1 Like

1. OK, so:

So that leads us to Chapter 4 Sandboxing:

Linux Hardening Guide | Madaidan's Insecurities

I think we should create a standalone page (full licensing) for this one, but with a focus on systemd sandboxing. The other stuff can be for the introduction i.e. sandbox escapes etc.

We can also reference your addition to the security hardening checklist: ~krathalan/systemd-sandboxing - sourcehut git

Does this apply to both Whonix VMs and host, or just the host? (I presume it applies to Whonix also.)

If you agree, I’ll go ahead and create and populate that page.

2. GNUnet

@hulahoop

This section is very confusing:

Users have to do all this then attempt to install GNUnet? Or the other way around? It needs a basic explanation upfront why this (chroot) is required (or not if optional and they want to take the risk).

What about if I want to run the latest version from the GNUnet website, see:

GNUnet

Once I know, we can add instructions for always downloading and verifying the latest versions from here (14.1 at the time of writing):

Index of /gnu/gnunet

With this key:

GNUnet

So we should show instructions for these as the example:

gnunet-0.14.1.tar.gz
gnunet-0.14.1.tar.gz.sig

I also presume all of this is happening in Whonix-WS, and just the installation steps in Whonix-WS-15 template VM in Qubes-Whonix (obviously we’d recommend a separate template and AppVM for this purpose).

1 Like

I suggest to slow down with importing contents from madaidan until licensing is sorted out.

A post was merged into an existing topic: Locking down your SSH Server and Client

You’re right. It was a brief brainstorm about an idea to make a more censorship robust notification system and it doesn’t belong on here, but on the permanent take-down threat ticket. As for the mmdebstrap steps below it, i have no idea how those got here (weren’t added by me I think) or how they help in installing the thing itself.

I was never able to get it to work and still don’t know why.

1 Like