Long Wiki Edits Thread

torjunkie:

2. We say in a few places that you should have the latest Tor Browser installed on the host (Qubes: a DebianBased AppVM?) to check Tor connectivity if Whonix is borked & to find a viable solution.

Fine, but I think the days of manual downloads from Tor Project, and key, and verifying on the command line are so 1999.

Why don’t we explicitly note in the wiki instead a preference for the torbrowser-launcher method instead (from stretch-backports):

Let’s use GitHub - Kicksecure/tb-updater: Tor Browser Downloader - Automates download and verification of Tor Browser from The Tor Project's website. This package is produced independently of, and carries no guarantee from, The Tor Project. - yes, now also supported
on Debian.

Deprecate it then?

OK - added to my backlog (bit busy at the minute).

Anyhow, Tor Entry Guards → Fixed.

(I’ll fix those links due to restructuring after you approve it)

Also, shouldn’t all the templates that refer to running “Whonix Setup” or “Whonix Setup Wizard” (as GUI options) instead now state “Anon Connection Wizard” following release of Whonix 14?

There are a bunch of template references where this applies (I’m just noticing it on the Tor Entry Guards wiki page).

Edit: I realize I introduced an annoying grammatical nit through most pages → “, and” which is in most circumstances incorrect. Stylometry’s a bitch.

‘’‘3.’‘’ Enable Tor using whonixsetup / whonix-setup-wizard at the new location.

vs

‘’‘3.’‘’ Enable Tor using Whonix Setup / Whonix Setup Wizard at the new location.

It was written whonixsetup because it was referring to the command line version.

Fixed. That Surfing Posting etc page needs more work, plus re-organization which I’ll knock off.

@0brand

Is this up-to-date now you had your Qubes commit accepted?

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Onionizing_Repositories

Is the commit in Qubes stable?

I guess not if the following is the right package.

Just a heads up - some big changes in OnionShare are coming, and have landed in develop branch already (such as v3 onion support). But on Debian Stretch (and so Whonix), it will be necessary to pip3 install pysha3 to use v3 support. We hope to get python3-sha3 backported to stretch-backports, if not also OnionShare itself, to deal with this awkward issue.

We’ll mention this in the OnionShare docs, and I realise I’m contradicting myself by my earlier statement ‘just point people at the official docs’, but given it will specifically affect Whonix users, maybe it’s not a bad one-liner to add. Let me know if it would be more convenient if I made the change and you reviewed? Thanks for your efforts

Not sure if I should have made a request for issue #2623 to be reopened first, and then made the pull request.

Ah okay - no worries. They take a while to filter to stable. I’m very keen to see it implemented, as your stuff will save a lot of time and is a major improvement.

That’s great. Yes please, go ahead and edit away. I’ve added you as a maintainer of the page (pending edits), since who am I to question the OnionShare lead mechanic

And thanks for all your efforts on the website. It is running smoother than I ever remember, all the errors seem to have disappeared, and the v3 onion seems to be available all the time now. A truly shocking combination compared to previous times, and I think it wasn’t just luck! Maybe new hardware also helped?

Also, a suggested News Forum topic (if you like @Patrick , I’ll post it)

A Callout to Whonix Cryptocurrency Users

Dear Whonix users,

Recently, members of the Monero community approached us in the Organization forum about ways in which we could collaborate together. [1]

The Monero community has a reputation for being passionate about privacy and there are a significant number of users who also rely on Whonix for their activities. With obvious shared goals and interests, a number of Monero community members quickly came forward and provided detailed, fully-functional instructions for Monero on the Whonix platform. [2]

The Whonix team would like to thank OSNF2P, thotbot, rehrar and others for their efforts and ongoing maintainer status of the Monero wiki page.

Based on this success, we would like to welcome members from other popular cryptocurrency communities such as Bitcoin, Ethereum and so on to step forward and improve the existing Whonix wiki sections that already exist, but which are either out-of-date or unfinished. [3]

The wiki badly needs the love of afficinados who want a win-win for both communities: working crypto instructions combined with a higher-security, virtualized platform.

Anybody who is willing to contribute can freely edit the relevant wiki pages and/or nominate themself for maintainer status.

References

[1] http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/monero-and-whonix-sitting-in-a-tree/5949
[2] http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Monero
[3] http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Money

Thanks! No new hardware yet, so that’s a nice surprise.

We have a strange bug on Phabricator (the comment field has disappeared in tickets) which I can’t figure out, otherwise yes, things are stable. I upgraded MediaWiki overnight too to address some security issues, as well as Discourse.

After the Debian .onion drama on the weekend, I’ve added some monitoring of the content of the Whonix .onion front page too.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Update

Can be deprecated or deleted?

Why would Qubes-Whonix users need to manually configure the TemplateVM proxy (in Qubes R3.2?) as part of the “update”.

That is:

a) Should be already setup by users well before then either automatically at install; or

b) They would have already set this up when configuring Whonix the first time after manually downloading templates.

Since Qubes R4 is using Salt - doesn’t apply at all (normal update page is fine).

It only applies to Qubes R3.2, but I presume all the “preparation” steps can either sent to a separate “configuring sys-whonix as a ProxyVM” section somewhere (specific to R3.2), and the rest of the page is not needed (delete it), since it just repeats the same text as the update page (?) →

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Operating_System_Software_and_Updates#Updates

Mediawiki changes in progress:

• Permission error - Whonix
• ⚓ T809 mediawiki fixes

Let’s compare two pages.

• a) a page in wikipedia running orignal mediawiki, I think - Whonix - Wikipedia / Unix-like - Wikipedia
• b) Whonix wiki: Verifying Software Signatures - Kicksecure

a) mediawiki orignal:

• The underline below a chapter is good?
• right amount of space between chapter title and text?
• right amount of space between chapters?

b) Whonix wiki:

• too much space after title headline and next?

Finished!

Yes to all questions. So if we can rip off and insert those wikipedia settings into Whonix, we improve the look and feel by 20% immediately.

I see someone also improved the Whonix wikipedia entry. It was very ordinary a couple of years ago.

Good job - useful having a full package list like that.

Should be repeated for Qubes-Whonix with only different packages noted?

Ditto KVM also (just any different packages)?

torjunkie:

Yes to all questions. So if we can rip off and insert those wikipedia settings into Whonix, we improve the look and feel by 20% immediately.

Ok. Will add the mediawiki fixes

Should be repeated for Qubes-Whonix with only different packages noted?

Ideally would be useful but since there is no issue at the moment where
this information would help we can as well safe the time for it.

Ditto KVM also (just any different packages)?

No need. Same packages.

Please include in Tor Browser docs:

As of Tor Browser 8.5 it 's possible to save per site JS settings across browser resets. Changes are lost if security slider changed however. This feature however is not recommended and considered dangerous as unique JS settings make a user stand out.

torjunkie:

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Update

Can be deprecated or deleted?

Better to keep. Qubes-Whonix update instructions may always differ a bit
from Non-Qubes-Whonix. Since the shared contents is already in a wiki
template

related:
cursory review of Qubes-Whonix 14 installation instructions · Issue #4112 · QubesOS/qubes-issues · GitHub

Some things don’t apply to Qubes but I never prioritized to fix (remove
from wiki template, move to virtualizer specific instructions)

• 6. Restart Services After Upgrading - no need when shutting down
     TemplateVM anyhow
• 7. Restart After Kernel Upgrades: no need when shutting down
     TemplateVM anyhow / Qubes is using dom0 kernel anyhow unless people
     follow VM kernel instructions (probably not much people)

Why would Qubes-Whonix users need to manually configure the TemplateVM proxy (in Qubes R3.2?) as part of the “update”.

I see. Removed.

Fixed. Thanks for pointing it out.

Thanks. OK - Will get to that as well. I appreciate I have a little backlog by now, but should have some more time coming up.

@nurmagoz

I know you play with Firejail a lot. So Firejail from stretch-backports works for Debian VM (FF 62) in Qubes, but that “Gah! Tab Crash” thing still happens with Tor Browser in Qubes-Whonix using the same backports version?

Did you get it working? I was hoping to just put a footnote on our Firejail page that if the stable version doesn’t work, just install the backports version - but that’s not going to work apparently.