Hi,
You can quote me or use information to write an article, as long as you
reference it properly and add the relevant link in the notes.With kind regards,
Dirk
Cipher Machines & Cryptology
http://users.telenet.be/d.rijmenants
http://rijmenants.blogspot.be http://rijmenants.blogspot.be/
Great. As:
- HulaHoop has had a look and is okay with it
- We have the author’s permission
- A clear credit is given up front to the author: “The description of this procedure draws heavily upon the following guide: The Complete Guide to Secure Communications with the One Time Pad Cipher [archive]; all credits go to the author.”
Can you please publish it?
torjunkie via Whonix Forum:
Great. As:
- HulaHoop has had a look and is okay with it
- We have the author’s permission
- A clear credit is given up front to the author: “The description of this procedure draws heavily upon the following guide: The Complete Guide to Secure Communications with the One Time Pad Cipher [archive]; all credits go to the author.”
To be on safe side, could you please make the authorship more explicit
by naming author and organization (or organization and author as
applicable)?
We should probably deprecate the Usenet page:
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Usenet
Most of it relies on Mixmaster (dead) or Nymservers (largely reliant on Mixmaster).
All that leaves is two sections re: reading newsgroups with NNTP clients (whatever that is, not familiar with it) and accessing NNTP servers anonymously for discussion groups (if that is even possible).
Overall, a lot cause - not worth editing to bring it up to scratch unless you have different views.
I’ll take that as a yes to deprecate.
Not really. I am not done thinking about this yet.
Is the following still up to date? @HulaHoop
Mixmaster / remailer was actually for that context “just a bonus”.
Crossed out the mixmaster/remailer parts just now. Rest seems good enough.
It can be part of advanced documentation or even esoteric documentation as popularity of these things is low and declining.
I wasn’t sure Usenet discussion groups is nowadays completely dead, just full of spam bots which are forgotten be turned off, and just forgotten to be declared completely dead. Search results are dominated by commercial usenet providers (used for file sharing). But no, Usenet is still active. Found this list of some non-spam discussions: https://narkive.com (Usenet is not a website / web protocol. But there are a few gateways to preview contents of Usenet without having to use a news reader.) Usenet might also be interesting as an archive, research, history, whatnot as it had peak popularity in the 1990’s or so.
Could create a wiki template with an info (or warning) box which states that the content of that page is of a lower quality, and whatnot.
Thank you for your great diligence of this wiki wide review!
Haven’t tested since mixmaster is kicked out from Debian. Anything nym/re-mailer dependent needs mixmaster so it’s OK to cross out/deprecate.
2 posts were merged into an existing topic: Voip / Jitsi / Mumble
1. Our Qubes-Whonix documentation also has this problem:
Fix references to “ProxyVM” in docs
In 4.0, the term “ProxyVM” has been deprecated. (See here, linking to here.)
However, it is still used many times in the docs.
$ cd qubes-doc
$ grep -ir ProxyVM . | wc -l
49The docs should be revised to reflect the more flexible architecture: instead of a whole category of vms (a qube is a ProxyVM), the new property describes an action a qube might do (provide networking).
I think we’ll want to take each instance on a case-by-case basis. In some of these cases, we might want to allow the term “proxy VM” (or something similar) to refer colloquially to the notion of a VM which provides network service to another (that is, a VM with property provides network).
2. As per @nurmagoz recommendation, I gather you’d agree the FTP page should instead focus on SFTP i.e. secure file transfer via SSH.
Looks safer (less port/firewall opening etc.), later protocol, less installation and so on.
SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. It runs over the SSH protocol. It supports the full security and authentication functionality of SSH.
SFTP has pretty much replaced legacy FTP as a file transfer protocol, and is quickly replacing FTP/S. It provides all the functionality offered by these protocols, but more securely and more reliably, with easier configuration. There is basically no reason to use the legacy protocols any more.
SFTP also protects against password sniffing and man-in-the-middle attacks. It protects the integrity of the data using encryption and cryptographic hash functions, and autenticates both the server and the user.
That would be interesting to have. But since no users showed interest in this subject and since not very or not at all specific to Whonix, I don’t think I’ll document it. Contributions welcome. Among the fascinating stuff: rsync / ssh / sshfs / sftp over clearnet / over Tor / over onion
Plaintext FTP is still slightly interesting. Original reason for documenting plaintext FTP was some user asking about it years ago. Some public servers used to allow only download over plain FTP. Dunno if there are still any. Very unpopular subject. I don’t recall anyone asking about FTP for years. Therefore this can be burried in advanced or even esoteric documentation. I don’t really want to delete it entirely because if someone asks for it in a year I won’t recall it and not find it in any archive either. Hope that’s reasonable.
5 posts were merged into an existing topic: Onion forum site redirects to clearnet
1. Re: YaCy
In our wiki installation instructions:
- “Operation not permitted” re: Step 2 when using apt-key command
- Openjdk-7-jre-headless is in stretch, v8 is in Sid (wants to remove essential Whonix packages if you try to install it), v11 is in Buster and works (see: Debian -- Details of package openjdk-11-jdk-headless in buster)
Basically, unsafe install instructions work i.e. substituting openjdk-11-jre-headless:
sudo apt-get update
sudo dpkg --configure -a
sudo apt-get install -y openjdk-11-jre-headless
wget http://latest.yacy.net/yacy_v1.922_20191013_9964.tar.gz
tar xfz yacy_v1.922_20191013_9964.tar.gz
cd yacy
./startYACY.sh
Then making the Tor Browser about:config changes noted on that wiki page. Unsafe working instructions are better than non-functional ones, right?
But this begs the question as to why bother running a server on port 8090 when you can just use the decentralized search function straight via a portal anyhow i.e. here? →
2. GNUNet
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/GNUnet
- Instructions not finished
- Nobody asked about it ever that I remember
- Main ToC should be working instructions that are useful, not pipedreams that might be ready a decade later (since GNUnet has been in development for two decades plus already)
So we should probably shift it to the Advanced Documentation page. If you agree, I’ll move it there.
3. For all the wiki pages on the main Documentation page that don’t have a thumbnail right now (logo etc.), how about I add the associated Libre page image as a thumbnail for each (top right-hand side), so they look “pretty” instead of just starting off with ugly, plain text.
4. The language page system section (not Tor Browser) seems focused on KDE? Outdated, non-functional?
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Language#System
5. Do we need to do a find replace for “kdesudo” instructions and replace with suitable command (outdated?) e.g.
If you are using a terminal Whonix-Gateway ™, type.
kdesudo anon-connection-wizard
Probably gpg keyserver issue. I could swear we had a wiki template for that? We have various wiki templates. Ideally keyserver avoided and downloading the key from website.
Why would openjdk-11-jre-headless be unsafe? Perhaps unsupported upstream but unsafe? Possibly, I guess if a higher/unsupported version number might introduce security issues with the old code?
As long as pointed out with our usual warning box it can be done.
Indeed. the only motivation might be to support the yacy network or to be adamant about hosting one’s own or some other perk which I am not aware that a local installation brings.
Sure.
OK.
KDE stuff can be moved to /Deprecated or even deleted.
That is nowadays:
lxsudo
Can be used as drop-in replacement for kdesudo.
Tor vs. Proxies, Proxy Chains and VPNs -> Fixed
new wiki page:
Would it help if I get into the habit of writing changelogs in the wiki to save you some work? Because it seems far easier to write in wiki and copy over to forums (will automatically translate the html to forum markup) than manually re-create mediawiki markup.
1. Is the Keyboard Layout page sufficient/meant to cover off users who are entering characters other than English e.g. Japanese, Korean, Chinese etc?
If not, then we need to add an “Input Method” section there (or on the System Language page?) re: changing the input method. I see normally the recommendation is to use install & configure i-bus after having installed the necessary fonts for that particular language.
2. Re: Tor Browser language
I tested the Config File method of changing language in Tor Browser (Japanese test) and it didn’t do anything. i.e. saved config file to TB_LANG=“ja”, download Tor Browser again, still presents in English.
However, the about:preferences method I just added works correctly. It is easy and it doesn’t make sense to me why somebody would need to download a different binary re: language localization if they can just search for additional language in preferences, set it, and restart Tor Browser within 30 seconds?
Well playing with ibus and ibus-setup gets multiple language input working e.g. Russian, Persian, Catalan characters etc. with no issues.
But Japanese seems a bit difficult to work out for some reason (probably Korean & Chinese will also give me the same grief i.e. need some special fonts installed or something)…
Re: YaCy
It is currently impossible to securely install YaCy. After:
- Saving the key (manually, not recv-keys which doesn’t seem to work anymore with any keyservers - blocking Tor?)
- Verifying fingerprints
- Importing the key
- Adding the YaCy repository (yacy.list)
- Running sudo apt-get update
The following error appears which was reported in 2017 (and still not fixed) - “release not signed”:
W: GPG error: http://debian.yacy.net ./ Release: The following signatures were invalid: 8BD752501CB62448A30EA3EA1F968B3903D886E7
Meaning only an unsafe install is possible.
OK - YaCy page and Input Method for Language page -> Fixed.
That commentator in the developer forum is correct re: XFCE in how it is referenced. The Xfce homepage references it everywhere as ‘Xfce’. Do you mind doing a find replace for the wiki documentation please?