Long Wiki Edits Thread

Great!

A few things…


Error - Whonix is a little off now.

  • The previous version mentioned possible fingerprinting issues due to using FoxyProxy vs few users. The latest version omits that.
  • As per Login required - Whonix, the FoxyProxy addon is not always used for user -> Tor -> Proxy / VPN / SSH (actually nowhere), but only in context of connections to local web interfaces.
  • user -> Tor -> Proxy / VPN / SSH issue is already documented where appropriate at Combining Tunnels with Tor.
  • Using == inside the template has to be done with care, so it does not break any pages that use the template. It currently looks broken on the Invisible Internet Project (I2P) page.

I wonder if isn'tis not mass replacement would be a great idea? Then the not is easily mentally skipped while reading. And I think we should value success rates understanding the documentation over form.

1 Like

Always check the fingerprint for yourself.

I don’t think many users will understand that. What @HulaHoop probably meant to say is

yeah, you can see the fingerprint below, compare it, but also do your own research figuring out what the fingerprint is, don’t trust the wiki since it’s also only on a webserver over SSL or onion. (Not the same level of verification as gpg.) For best security, use the OpenPGP - Kicksecure.

Could you reword that please? And then move it to https://www.whonix.org/wiki/Template:Gpg_fingerprint_verification since we are going to need that a few different places in the wiki? @torjunkie

1 Like

Well, now you’ve opened a can of worms, you could probably do a mass find and replace for some or all of the following, depending on your level of energy:

  • isn’t → is not
  • aren’t → are not
  • don’t → do not
  • doesn’t → does not
  • haven’t → have not
  • hasn’t → has not
  • won’t → will not
  • hadn’t → had not
  • weren’t → were not
  • wouldn’t → would not
  • couldn’t → could not
  • shouldn’t → should not
  • can’t → cannot
  • mustn’t → must not
  • shan’t → shall not
  • mightn’t → might not
  • mustn’t → must not
  • needn’t → need not
  • oughtn’t → ought not
  • daren’t → dare not

Being careful not to overwrite instances in (block)quoted text throughout the wiki.

There are other contracted forms (believe it or not), but they probably aren’t in regular use in the wiki. Generally, formal language avoids contractions.

God English is a strange POS language. Did anyone tell you that editing is like diving down a rabbit hole? :wink:

RE: ProxyFoxy Template → fixed (hopefully).

It seems to fit now with I2P and other entries in the wiki. Reverted most of the fingerprinting text.

I should have followed my own doc guidelines. ha.

Template:Gpg_fingerprint_verification → Done. See what you think:

Before adding any foreign repository or software source, it is necessary to fetch the associated signing key (if available) and verify the fingerprint.

It is not safe to only rely on the Whonix wiki for confirmation of a key’s expected fingerprint. The reason is websites rely on fallible SSL or .onion architecture, which provides a lower verification standard than the OpenPGP implementation. Users should always check the fingerprint for themselves. In practice, this means:

  • Researching the expected key fingerprint from multiple, trusted Internet sources.
  • Explicitly checking the key fingerprint matches the expected output, before importing it or adding it to a trusted key-ring.

For the best possible security, users should always rely on the [[OpenPGP#The_OpenPGP_Web_of_Trust|OpenPGP Web of Trust]].

1 Like

A post was merged into an existing topic: Qubes DispVM technical discussion

Moved:

re Template:FoxyProxy

So far it’s perfect. Except the following sentence looks confusing to me:

A website test can be performed with one or more sites that normally block Tor IP addresses

At least in the context of where the template is being used.

https://www.whonix.org/wiki/Template:Gpg_fingerprint_verification looks great! Made some minor changes to it as well as to https://www.whonix.org/wiki/Template:FoxyProxy.

Will fix the contractions soonish.

Btw as always, please check my edits make sense. Having them audited is really great!

Two more Template:FoxyProxy nitpicks.

Currenty:

Note: FoxyProxy is one of the easiest methods to access the local web
interface to use proxies (e.g. to avoid website Tor IP bans), or to
enable other anonymizing networks like I2P.

  • (e.g. to avoid website Tor IP bans) seems out of context generally and out of context wrt to the previous sentence.
  • to enable other anonymizing networks like I2P - FoxyProxy does certainly not enable other anonymizing networks like I2P. Not sure what the original author wanted to say with that.

I think they meant: to access I2P with TBB

1 Like

Documentation Guidelines could use a small introduction

Similar to Kicksecure Forums Usage Instructions, Best Practices and FAQ.

These are just some recommendations. Best practices. Not rules. Please do not go crazy about these.

Rather than setting the bar too high, it’s better to accept any contribution in good will and iterate on it later on.

And then that wiki page deserves it’s own forum thread or even blog post so contributors not following this huge thread or wiki changelog can actually see it exists.

Re: small introduction for documentation_guidelines. Added->

Note: These suggestions are recommendations for best authoring practices and do not constitute absolute rules. Whonix welcomes contributions from people who are willing to invest their time to help improve the wiki. Therefore, use this information as a guide only in the first instance.

Are you happy with the FoxyProxy template now? I just deleted that stuff you didn’t like. I can put in the “accessing other anonymizing networks like I2P” line again if you want.

1 Like

Also consider for a mass find and replace:

  • DispVM -> DisposableVM
  • Disposable VM -> DisposableVM
  • Proxy VM -> ProxyVM
  • Net VM -> NetVM
  • App VM -> AppVM
  • Service VM -> ServiceVM

Others?

Note: This is for consistency and clarity e.g. DispVM is not recommended according to Qubes discussions.

1 Like

Template:Qubes AppArmor: Difference between revisions - Whonix has an issue. AppVM is not a synonym for TemplateBasedVM as per Glossary | Qubes OS and previous discussions. (Since sys-whonix is a ProxyVM and should not be called AppVM. Was decided at Qubes to not overload the term ProxyVM. And since as per Qubes glossary, also a StandaloneVM can be an AppVM.)

Error - Whonix “If you receive” was right since it only seldom happens for few users. “Sometimes” sounds like everyone gets it once in a while. Could you specify that a bit please?

Most are either not do do or now done. :slight_smile:

As per Glossary | Qubes OS there is DispVM but not DisposableVM.

So perhaps it should actually be DisposableVM → DispVM? …what I don’t really like myself. Hm hard case. I actually disagree with Glossary | Qubes OS using contractions. But it would have to be fixed in Qubes first before it can be changed in Whonix documentation.

Could you reference that please?

Actually, I am not sure about replacement of isn'tis not. Even if more formal, I think the former is easier understood than the latter due to usage of not.

→ Fixed.

→ Fixed.

Ok. Great!

Sure (accepted github open issue) →

No problem, we’re partying at your Whonix house, so we’ll follow your lead. :slight_smile:

And one more fix…

http://kkkkkkkkkk63ava6.onion/wiki/Grsecurity#How-To:_Qubes-Whonix → Fixed (as per info below)

Even the kernel guru over at Qubes can’t get the 4.9 kernel with pvgrub2 VM to boot. Makes me feel a little better. :smiling_imp:

He gets the same error I did with the Debian-8 template.

So, this can be written off in the grsec instructions until this issue is solved. I’ve changed the text in the grsecurity wiki entry to reflect this.

That is, people should only run the latest available 4.8 coldkernel branch (4.8.17), or maybe use the Debian 9 template for 4.9 coldkernels (which I know this same poster has previously gotten working, according to Qubes Users forum threads I’ve seen).

Dependencies aren’t a problem anymore since the needed updates have passed to the stable Qubes repos since the update yesterday.

1 Like

https://arxiv.org/pdf/1703.02874v1.pdf could use a little promotion. Do you think you could write a small summary and post this in the Whonix blog?

Thanks! DispVM -> DisposableVM replacement done. I like that. Please reiterate should I have forgotten to either discuss or change any mass replacements.

No problem. Let me look at that after Templates are finished (almost done).

No problem. Thanks for that.

Edit: Templates finished! I don’t recommend anyone edit 250 of them twice. :joy:

Now this will free up time to work on other entries e.g. Tor Browser, DispVM, Computer Security etc etc.

1 Like