[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

Long Wiki Edits Thread

Could you make the microcode warning stronger please? Perhaps its own chapter.
(Host only. I doubt the VM can influence this.)

https://www.whonix.org/wiki/Firmware_Security_and_Updates

1 Like

I have the time, just terribly inefficient. :grimacing:

Give me a day and I’ll post what I have completed. You can use it or not. :wink:

2 Likes

Whonix 13 deprecation date: 2018 September 30

All fixed.

Should be able to get to this pretty soon.

Other minor issues:

1. No Tor Controller GUI page

We should create that. You or troubadour might want to insert some relevant text, and then add these four figures from the screenshots page in relevant sections ->

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Screenshots#Tor_Controller_GUI

I imagine the text describes very basically what it does, the fact that Anon Connection Wizard will be integrated into it in future editions etc. Probably highlight that the eventual product might be suitable for .deb status or general packaging status for multiple linux platforms (I understand that’s the idea).

2. whonixcheck progress meter nit

(I know I haven’t gotten to Whonix code yet, will get there one day after the wiki is in decent shape)

Missing “the” ->

Checking Tor Connection, Tor Browser Version, Operating System Updates, Whonix Version, Whonix News… This will happen in the background and will take approximately three minutes…

1 Like

torjunkie:

1. No Tor Controller GUI page

We should create that. You or troubadour might want to insert some relevant text, and then add these four figures from the screenshots page in relevant sections ->

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Screenshots#Tor_Controller_GUI

I imagine the text describes very basically what it does, the fact that Anon Connection Wizard will be integrated into it in future editions etc. Probably highlight that the eventual product might be suitable for .deb status or general packaging status for multiple linux platforms (I understand that’s the idea).

//cc @troubadour

2. whonixcheck progress meter nit

(I know I haven’t gotten to Whonix code yet, will get there one day after the wiki is in decent shape)

Missing “the” ->

Checking Tor Connection, Tor Browser Version, Operating System Updates, Whonix Version, Whonix News… This will happen in the background and will take approximately three minutes…

Fixed.

1 Like

Anyone feeling qualified to define update vs upgrade? Just synonyms? Could we fix their usage in Whonix wiki to make use of these terms more appropriate?

Whonix 13 deprecation notice completed. Not sure if this is how they should be written. Its all yours’ torjunkie (use it, or not)

              Whonix 13 EOL

The Whonix team would like to thank the community member for all the hard work that was put forth into the support of Whonix 13 over that last 2 years. Through your efforts, Whonix 13 was a success and by and large surpassed all of expectations. With the release of Whonix 14, a decision had to be made as to whether it would be feasible to continue support of Whonix 13. Under ideal circumstances, Whonix developers would continue support of Whonix 13 for a period of time. However, due to the limited resources available, the date has been set for Whonix 13 to reach EOL on 2018 September 30. On this date, Whonix 13 will become deprecated and will no longer receive security updates.

Although Whonix 13 reaches EOL in 30 days, users not be alarmed as it is still safe to use and will remain so to until 2018 September 30. At the same time, users are strongly encouraged to upgrade to Whonix 14 as soon as possible to ensure there is ample time for a smooth upgrade.[1] If users encounter and problems, please follow these instructions to submit a support request[2]

[1] https://whonix.org/wiki/Upgrading_Whonix_13_to_Whonix_14
[2] https://whonix.org/wiki/Support#Free_Support_Principle

2 Likes

PQCrypto page -> Fixed.

(I didn’t do those anon Qubes/DispVM edits BTW. Whoever that user is seems to be leaking their hardware or other identifiers looking at the wiki edits history page i.e. this ->

2a00:1298:8011:212::165‎
)

Should be a red flag warning to wiki editors if they have an incorrect configuration, no?

1 Like

Wasn’t me either. Excited that we have someone else making contributions!

Created new Template “Qubes/Clone VM” but I’m not sure if this was created correctly? (first time I created a template)

https://whonix.org/wiki/Template:Qubes/Clone_VM

1 Like
2 Likes

Created new page Qubes/Clone VMs

https://whonix.org/wiki/Qubes/Clone_VMs

Added to Multiple Whonix-Workstations

https://whonix.org//w/index.php?title=Multiple_Whonix-Workstations&oldid=35999&diff=cur

1 Like

70defaultrelease works with no problems.

Using -t buster causes the same dependency problem that causes the current wiki instructions to fail.

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libkf5coreaddons5 : Breaks: libkf5auth5 (< 5.47) but 5.28.0-2 is to be installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.

It looks like no -t option for now, but there is another option.

sudo apt-get install electrum/buster

Selected version '3.1.3-1' (Debian:testing [all]) for 'electrum'

I haven’t come across any issues while using these instructions.

https://manpages.debian.org/stretch/apt/apt.conf.5.en.html

https://manpages.debian.org/stretch/apt/apt_preferences.5.en.html

2 Likes

OK, so we don’t need 0brand’s post about EOL then. You should just copy that Qubes text verbatim and insert into Whonix News forum.

whonixcheck page -> All fixed

Now going back to link fixes.

@mig5 - I understand you are former OnionShare dev? Would you mind looking over these instructions for accuracy or possible hardening please?

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Onionshare

Of interest: AppArmor profile in Whonix works? How? What’s the more secure configuration in the panel options? etc.

2 Likes

Hi @torjunkie

Not former but current core dev alongside Micah.

The docs look pretty good. A couple of suggestions/notes however:

  1. Consider not mentioning the current version 1.3, or any other version. You’re only making work for yourself trying to keep the docs up to date (i.e every time OnionShare gets a new release). May as well not mention version, and make your life easier. Case in point: v.1.3.1 is the latest version.

  2. Likewise for step 6 where you list the dependencies to install. We already have that in the BUILD.md of the onionshare repo. Maybe there’s a nice way to say ‘please run the apt-get commands seen in the ‘Debian-like distros’ section of the BUILD.md in the OnionShare repo’, so that if we change dependencies, you don’t have to update obsolete documentation.

  3. Nothing you can really do about this right now, but there’s an unfortunate bug in the OnionShare ‘develop’ branch (which is the default branch) , which causes the app to crash when opening the Settings dialog. Therefore, the step where you edit settings to set the Tor connection method to ‘via control socket’, crashes. This is obviously only a temporary issue until Micah merges in a fix that’s been sitting in the queue for ages, but I can’t force him to, and we have a workflow whereby we review each other’s patches.

As a temporary workaround, you could consider either telling the user to checkout the ‘master’ branch, or, as I did in my testing just now, the latest release tag (v1.3.1 - yes I realise this then re-introduces the issue in my point 1 above, about hardcoding release numbers into your docs).

  1. The note ‘Check “Create stealth onion services” to make OnionShare operations more secure.’ is a bit too brief: it should be noted that enabling Stealth also requires action from the user fetching the files, in that they need to edit their torrc (Stealth just means ‘onion service Client Auth’.) We already have this documented, so again, you could maybe append "Note, however, that using Stealth mode makes it harder for the end user to connect to the share, because it requires them to edit their torrc. Please see the official documentation at https://github.com/micahflee/onionshare/wiki/Stealth-Onion-Services for more information’

Suffice to say the instructions otherwise worked for me.

The AppArmor profiles probably won’t work against the recent releases or against the develop/master branches of the git repo. They are super old. The contributor who has unofficially maintained/provided our AppArmor profiles has even opened a ticket saying they are out of date and need to be replaced: https://github.com/micahflee/onionshare/issues/686

We are hoping to get new AppArmor profiles from them ‘soon’. Not sure how to portray this in your docs, but for now I would not try AppArmor with OnionShare unless you are good at AppArmor profiles, and maybe if so, you can help contribute fixes via the above ticket.

As above - the only real element that currently adds extra security is Stealth mode (ClientAuth).

An additional method to reduce the risk of onion service discovery attacks is to use the Shutdown Timer setting. This allows you to self-destruct the share if no-one came and downloaded your share within an acceptable time window.

Unsetting ‘Stop sharing after first download’ is also obviously a risk as it will keep the share open after someone downloads the file (but obviously useful for sharing to multiple users or long term shares). Likewise Persistent mode is a risk as it re-uses the Onion address instead of a random one each time.

Again, I wouldn’t bother pointing any of this out, as it’s all documented in the OnionShare wiki already. Point any ‘using OnionShare’ advice to the official docs to save yourself effort. The Whonix wiki page should only show Whonix-specific steps required to install or configure OnionShare.

Hope this helps

Cheers

3 Likes

Took @0brand’s version since https://www.qubes-os.org/news/2018/08/24/whonix-13-approaching-eol/ is too Qubes specific.

Whonix 13 approaching EOL (End of Life) - 2018 September 30 - all users must upgrade!

2 Likes

Microcode needs to be installed on the host.

  • Not the default in Linux, Debian? dpkg -l | grep microcode
  • Default in Qubes? dom0: dnf list | grep microcode
1 Like

Thanks mig5. All very sane advice.

@0brand - I nitpicked your EOL announcement. Hope that’s okay (good job BTW :metal:)

3 Likes

Small nitpick: ARM is less affected and the processor in the rpi is not affected at all. In case your processor is affected you should always install patches on the host/bare metal.

1 Like

All fixed.

I didn’t add that to that Firmware section. You want those steps there somewhere?

Fixed.

And not widely known in community / explained in wiki (much). Hence why Xen only has low 100s in identified bugs, where Linux / Microsoft is through the roof. Will note & add that link to microkernel research i.e. you’re screwed on normal Linux platform by comparison.

Yet another reason to run Qubes, and have a small target at the core of your system.

2 Likes
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]