[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Long Wiki Edits Thread


#921

electrum! Yes! :slight_smile: Could you please notify the forum discussion threads?

update vs upgrade - definition - meaning suggesting and finding consensus among what update means, what upgrade means. Like word reference.


#922

@onion_knight

Fixed WS and GW size (in template) based on your forum thread i.e. around 50% reduction:

  • 850 MB (GW)
  • 1.1 GB (WS)

Let me know right away if that isn’t right. Also updated Whonix 14 release forum post, which had incorrect figures.

The Whonix-Gateway is reduced from 1.7 GB to 850 MB, while the Whonix-Workstation is reduced from 2 GB to 1.1 GB.

Fixed. Although I didn’t add HulaHoop’s step below (because I just saw it). Can add if you want:

Compare your microcode version number before and after updating to see if its applied:

sudo dmesg | grep “microcode updated early to”

If it succeeded it should say something like:

microcode: microcode updated early to revision X

https://wiki.debian.org/Microcode#Checking_the_microcode_version_of_your_CPU

In the process of fixing… we should recommend for host AND Whonix VMs right? So add to “Host Security” page of Basic Security Guide - seems like a nice fit there and Whonix-WS and Whonix-GW security pages for VM kernel I suppose.

Good job 0brand. You are getting some very solid contributions under your belt, and I for one welcome it! More please :slight_smile:


#923

Done!


#924

Yes please.


#925

@Patrick My bad. I thought that Debian had added a v3 onion repo but it was a Whonix url I was changing it to. Good catch.

Do you think we should recommend the onion address as a safer default, considering tht we will be transitioning to a fully onion repo list soon.


#926

I don’t expect too soon. Waiting Debian onion v3 (to proof Tor onions can handle the load) and maybe for onionbalance v3:
Onionizing Qubes-Whonix Repositories

https://www.whonix.org/wiki/Onionizing_Repositories could say “for better security, disable clearnet and leave onions only”. Added that but undocumented.

https://www.whonix.org/wiki/Onionizing_Repositories has some imperfections.

  • sudo nano

    • nano vs graphical editor
    • do we have a wiki template for that?
    • we have https://www.whonix.org/wiki/Template:Open_with_root_rights but that is for Whonix only, not guaranteed to work outside of Whonix (actually fails in Qubes Debian templates since these don’t have kwrite installed by default)
  • /etc/apt/sources.list.d/debian.list

    • Whonix: correct
    • plain Debian hosts and Qubes Debian template: incorrect, it’s /etc/apt/sources.list
  • Maybe instructions shouldn’t be by Debian packages, Whonix packages, Tor packages, Fedora packages. Perhaps better instructions for:

    • Qubes dom0
    • Qubes-Whonix TemplateVMs
    • Qubes Debian TemplateVM
    • Qubes Fedora TemplateVM
    • Non-Qubes-Whonix
    • plain Debian hosts
  • Then each chapter could contain instructions to onionize it as much as possible.

    • Whonix: from onions/clearnet to exclusive onions
    • others: from clearnet to exclusive onions

#927

As discussed with Marek and adw.

As for future Whonix support timelines… To have something doable…

  • once a new stable Qubes version is released, shortly after, there might be a 1 month notice to upgrade to that newer version of Qubes if users wish to keep using Qubes-Whonix

  • once a new stable Qubes-Whonix version is released, shortly after, there might be a 1 month notice to upgrade Qubes-Whonix if users wish to keep using Qubes-Whonix

  • once a new stable Non-Qubes-Whonix, shortly after, there will be a 1 month notice to upgrade Whonix if users wish to keep using Whonix

  • once a new stable Debian is released, shortly after, there might be a 1 month notice to upgrade Debian, if users wish to keep using Whonix

<ref>This is to relieve Whonix developers from having to diagnose and support old-stable versions of Qubes/Debian/Whonix which results in a lot duplicate maintenance effort.</ref>

Where can we add this support policy?


#928

Whonixnews, sticky on the Qubes subforum and a notice at the top of the Qubes main wiki page?


#929

Added info to the About page to pick this issue up.

Might clean up some more links before fixing up that kernel stuff, but I’ll get there soon enough


#930

corridor -> Fixed.

There is one TODO there i.e. non functional bridges config.

Also, there is one table in the FAQ wiki page saying “Ignore for now. Broken since shift” or similar (Tails vs Whonix comparison). Can we just get rid of that or update the links or whatever?


#931

Also, that Browser Plugins page is very messy.

Based on technically capable 0brand not being able to get Flash working in Tor Browser by:

a) installing flash player (non-free) from Debian; or
b) manually installing it from Adobe

and Tor Project blocking all plug-ins by default (I gather some about:config changes etc maybe also needed?), then 90% of Whonix users are not going to be capable of this, if it is even possible at all?

Has anyone got Flash working in recent Tor Browser versions?

I recommend, based on Flash:

  • being phased out by most websites
  • also being a security nightmare
  • many other safe ways to access same media e.g. downloading tools etc.
  • plus that wiki page quoting 5 year old JonDos info that just doesn’t work.

That we deprecate all the Flash instructions and point any intrested users to deprecated section i.e. it’s their own problem to work it out.

Why work hard to help users shoot themselves in the foot and fail to learn proper (safe) practices? Waste of time.


#932

The likely scenario would be a user installing Firefox in Whonix-Workstation then installing flash. Both of which are recommended against.

At current time there isn’t much that is useful in that chapter. Cleaning up that page is on my TODO but how useful will it be even after that is done? Can’t install any plugins in TBB.

Think it would be better to put our efforts into documentation that strengthens security /anonymity IMHO.


#933

Should the wiki firejail instructions have users install from stretch-backports? They currently direct users to install from jessie-backports.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Security_Guide#Installing_Firejail


#934

All the mega-size security guide, advanced security guide, and computer security education pages are deprecated since I split them all into separate pages.

So, the correct entry for that (updated & working) is now here:

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Whonix-Workstation_Security#Install_Firejail

Make sure you don’t link to those old pages when you write up new content.


#935

MAC Address -> Fixed (and restructured)

Also, that Tor page which has a ton of information under “Advanced Topics” relating to guard fingerprinting -> all that should become it’s own Guard Fingerprinting wiki page IMO (too long to be in there).

If you agree, I’ll go ahead and create that.


#936

Ok.

Sure. I also couldn’t motivate myself to fix that plugins. (Would entail
asking TPO how to make flash plugin work.)

Sure, why not Deprecate, wiki move page to

Deprecated/Browser Plugins

0brand:

Should the wiki firejail instructions have users install from stretch-backports? They currently direct users to install from jessie-backports.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Security_Guide#Installing_Firejail

backports only if needed. Needed for something?


#937

can someone open in https://www.whonix.org/wiki/Design new page with the name like:

Whonix Installed Packages Comparison


#938

Working on firejail profiles for Whonix. firejail-profiles(utils) are available in stretch-backport, buster, sid…

Using those profiles for reference.


#939

Comments to use Qubes .onion repositories was applied by Merak Marek. :slight_smile:

Edit: Will update onionizing Qubes repositories wiki.


#940

My last post has been edited.