Long Wiki Edits Thread

Tor 3.4.8 upgrade - nice. :slight_smile:

Couple of issues re: wiki.

1. One person noted over in the Qubes issues tracker a valid point re: upgrading to Whonix 14, prior to a Qubes 4.0.1 release where it is the default. That is, we recommend the uninstalling of Whonix 13, then using Salt etc to download the new Whonix 14 version.

Problem is, clearnet download says to adversaries: “Look over here! I’m one of the few 10s of thousands that uses Whonix in Qubes. Please rape me at IP address XX.XXX.XXX.XX”?

2. We say in a few places that you should have the latest Tor Browser installed on the host (Qubes: a DebianBased AppVM?) to check Tor connectivity if Whonix is borked & to find a viable solution.

Fine, but I think the days of manual downloads from Tor Project, and key, and verifying on the command line are so 1999.

Why don’t we explicitly note in the wiki instead a preference for the torbrowser-launcher method instead (from stretch-backports):

TorBrowser - Debian Wiki

Install from official repository

Debian “experimental”

If not already done add the experimental repository to your sources.list.

printf "deb http://deb.debian.org/debian experimental main contrib" > /etc/apt/sources.list.d/experimental.list
apt update

Using Terminal as Root execute the following command

apt install torbrowser-launcher -t experimental

Debian “Sid”

Users of Debian Sid (Unstable) can install torbrowser-launcher easily:

Using Terminal as Root execute the following command

apt install torbrowser-launcher

Debian 9 “Stretch”

If not already done add the Backport repository to your sources.list.

printf "deb http://deb.debian.org/debian stretch-backports main contrib" > /etc/apt/sources.list.d/stretch-backports.list
apt update

Using Terminal as Root execute the following command

apt install torbrowser-launcher -t stretch-backports

To open Tor Browser choose one of the following two options

    Option 1: Using GNOME, open the Activities Search. Simply type in Tor Browser

    Option 2: Using Terminal as user run the following command 

torbrowser-launcher

The first time you open Tor Browser the new version will automatically be downloaded and installed. On every subsequent open a check for updates will be done, and Tor Browser will automatically be updated to the latest available version from the Backport repository. 

I like the torbrowser-launcher option by Micah (and @mig5?). I tested it, and unfortunately doesn’t work due to the new signing sub-key or whatever used by the Tor Project not yet being recognized.

No doubt it is a marked issue to fix and will be sorted shortly, but do you like this method @Patrick i.e. automate things?

Still on my TODO:

  • Continue link fixes
  • Note upgrading kernel steps to address various threats recently discussed
  • General edits for awkward text etc.
1 Like

@torjunkie in my experience, micah’s program in the debian repos breaks often due to various changes done by torproject.org. i have not had a consistent enough positive experience that i think it is viable through the debian repos.

3 Likes

@Patrick

1. I still see jessie references here and there e.g.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Template:Build_Documentation_Whonix_APT_Repository

You might want to do a global search and see if any critical pages / templates are affected and use the wiki variable for “current Debian version” instead so they always remain current.

2. Also, that testers page where there are blank sections - what does this signify? I gather it means that test is hard to complete in Whonix now i.e. new command line variables and/or just that stretch command line operations are different?

E.g.13 blank sections there currently (see below).

Any easy fixes with your command line expertise or those we can deprecate? @0brand might want to get on in this technical stuff too →

  1. Install test wise new kernel.
  2. Test if arm’s new identity function is working.
  3. After logging in you should see Whonix help/welcome/disclaimer message.
  4. Test connecting to an obfsproxy bridge.
  5. Power off Whonix-Gateway. Try to ping outside or to use the browser in Whonix-Workstation. Obviously, should NOT work.
  6. Power on Whonix-Gateway again. Visit https://check.torproject.org/ with Tor Browser. You should see a “Congratulations”.
  7. Test Tor Button’s New Identity Feature.
  8. Note: Ping commands should NOT work for external addresses from your Whonix-Workstation, ICMP traffic[5] is not proxied, and filtered by Whonix’s Firewall (/usr/bin/whonix_firewall), because Tor does not support UDP.
  9. dig google.com must only return a single IP, compare with the output on Whonix-Gateway or Host.
  10. Setup an onion service on Whonix-Gateway and test if it works. You can access your own test onion service using Tor Browser.
  11. See if whonixcheck gets autostarted.
  12. Test HexChat, connect to a an SSL protected IRC server.
  13. Test HexChat, connect to a hidden IRC server.
1 Like

The FAQ page now wants to download some type of file when you click on the link instead of showing the relevant wiki page? :thinking:

1 Like

Sorry @torjunkie, that was an issue I accidentally re-introduced yesterday working on wiki codebase stuff. Fixed.

2 Likes

torjunkie:

@Patrick

1. I still see jessie references here and there e.g.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Template:Build_Documentation_Whonix_APT_Repository

You might want to do a global search and see if any critical pages / templates are affected and use the wiki variable for “current Debian version” instead so they always remain current.

Already done. That one slipped through.

2. Also, that testers page where there are blank sections - what does this signify?

Just a stylistic choice. Once preformatted/code box per test item.

I gather it means that test is hard to complete in Whonix now i.e. new command line variables and/or just that stretch command line operations are different?

No. If stuff like "See if whonixcheck gets autostarted. " needs a
lengthily explanation, then the effort explaining how to do that would
be higher than the gain of having this tested.

E.g.13 blank sections there currently (see below).

Any easy fixes with your command line expertise or those we can deprecate? @0brand might want to get on in this technical stuff too

The more I think about it the less I think the /Test page is fixable /
anyone reading it. I doubt anyone is doing it.

For example it says:

cat /etc/apt/sources.list

However we are not using that file anymore in Whonix.

cat: /etc/apt/sources.list: No such file or directory

Yet that was never questioned.

The solution:

Everything said on that page should be TODO items for whonixcheck as far
as that is possible. Everything else:

1 Like

torjunkie:

2. We say in a few places that you should have the latest Tor Browser installed on the host (Qubes: a DebianBased AppVM?) to check Tor connectivity if Whonix is borked & to find a viable solution.

Fine, but I think the days of manual downloads from Tor Project, and key, and verifying on the command line are so 1999.

Why don’t we explicitly note in the wiki instead a preference for the torbrowser-launcher method instead (from stretch-backports):

Let’s use GitHub - Kicksecure/tb-updater: Tor Browser Downloader - Automates download and verification of Tor Browser from The Tor Project's website. This package is produced independently of, and carries no guarantee from, The Tor Project. - yes, now also supported
on Debian.

1 Like

Deprecate it then?

OK - added to my backlog (bit busy at the minute).

Anyhow, Tor Entry Guards → Fixed.

(I’ll fix those links due to restructuring after you approve it)

Also, shouldn’t all the templates that refer to running “Whonix Setup” or “Whonix Setup Wizard” (as GUI options) instead now state “Anon Connection Wizard” following release of Whonix 14?

There are a bunch of template references where this applies (I’m just noticing it on the Tor Entry Guards wiki page).

Edit: I realize I introduced an annoying grammatical nit through most pages → “, and” which is in most circumstances incorrect. Stylometry’s a bitch. :smirk:

1 Like

‘’‘3.’‘’ Enable Tor using whonixsetup / whonix-setup-wizard at the new location.

vs

‘’‘3.’‘’ Enable Tor using Whonix Setup / Whonix Setup Wizard at the new location.

It was written whonixsetup because it was referring to the command line version.

1 Like

Fixed. That Surfing Posting etc page needs more work, plus re-organization which I’ll knock off.

@0brand

Is this up-to-date now you had your Qubes commit accepted?

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Onionizing_Repositories

1 Like

Is the commit in Qubes stable?

1 Like

I guess not if the following is the right package.

1 Like

Just a heads up - some big changes in OnionShare are coming, and have landed in develop branch already (such as v3 onion support). But on Debian Stretch (and so Whonix), it will be necessary to pip3 install pysha3 to use v3 support. We hope to get python3-sha3 backported to stretch-backports, if not also OnionShare itself, to deal with this awkward issue.

We’ll mention this in the OnionShare docs, and I realise I’m contradicting myself by my earlier statement ‘just point people at the official docs’, but given it will specifically affect Whonix users, maybe it’s not a bad one-liner to add. Let me know if it would be more convenient if I made the change and you reviewed? Thanks for your efforts :slight_smile:

1 Like

Not sure if I should have made a request for issue #2623 to be reopened first, and then made the pull request.

1 Like

Ah okay - no worries. They take a while to filter to stable. I’m very keen to see it implemented, as your stuff will save a lot of time and is a major improvement.

That’s great. Yes please, go ahead and edit away. I’ve added you as a maintainer of the page (pending edits), since who am I to question the OnionShare lead mechanic :wink:

And thanks for all your efforts on the website. It is running smoother than I ever remember, all the errors seem to have disappeared, and the v3 onion seems to be available all the time now. A truly shocking combination compared to previous times, and I think it wasn’t just luck! Maybe new hardware also helped?

Also, a suggested News Forum topic (if you like @Patrick , I’ll post it)

A Callout to Whonix Cryptocurrency Users

Dear Whonix users,

Recently, members of the Monero community approached us in the Organization forum about ways in which we could collaborate together. [1]

The Monero community has a reputation for being passionate about privacy and there are a significant number of users who also rely on Whonix for their activities. With obvious shared goals and interests, a number of Monero community members quickly came forward and provided detailed, fully-functional instructions for Monero on the Whonix platform. [2]

The Whonix team would like to thank OSNF2P, thotbot, rehrar and others for their efforts and ongoing maintainer status of the Monero wiki page.

Based on this success, we would like to welcome members from other popular cryptocurrency communities such as Bitcoin, Ethereum and so on to step forward and improve the existing Whonix wiki sections that already exist, but which are either out-of-date or unfinished. [3]

The wiki badly needs the love of afficinados who want a win-win for both communities: working crypto instructions combined with a higher-security, virtualized platform.

Anybody who is willing to contribute can freely edit the relevant wiki pages and/or nominate themself for maintainer status.

References

[1] http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/monero-and-whonix-sitting-in-a-tree/5949
[2] http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Monero
[3] http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Money

3 Likes

Thanks! No new hardware yet, so that’s a nice surprise.

We have a strange bug on Phabricator (the comment field has disappeared in tickets) which I can’t figure out, otherwise yes, things are stable. I upgraded MediaWiki overnight too to address some security issues, as well as Discourse.

After the Debian .onion drama on the weekend, I’ve added some monitoring of the content of the Whonix .onion front page too.

3 Likes

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Update

Can be deprecated or deleted?

Why would Qubes-Whonix users need to manually configure the TemplateVM proxy (in Qubes R3.2?) as part of the “update”.

That is:

a) Should be already setup by users well before then either automatically at install; or

b) They would have already set this up when configuring Whonix the first time after manually downloading templates.

Since Qubes R4 is using Salt - doesn’t apply at all (normal update page is fine).

It only applies to Qubes R3.2, but I presume all the “preparation” steps can either sent to a separate “configuring sys-whonix as a ProxyVM” section somewhere (specific to R3.2), and the rest of the page is not needed (delete it), since it just repeats the same text as the update page (?) →

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Operating_System_Software_and_Updates#Updates

Mediawiki changes in progress:

1 Like

Let’s compare two pages.

a) mediawiki orignal:

  • The underline below a chapter is good?
  • right amount of space between chapter title and text?
  • right amount of space between chapters?

b) Whonix wiki:

  • too much space after title headline and next?

Finished!

1 Like