ID: 658PHID: PHID-TASK-y6rvemug5ajhjxdlc3wbAuthor: PatrickStatus at Migration Time: invalidPriority at Migration Time: Normal
#Whonix_14 will come with major time related deanonymization attack defenses. The only networking allowed is Tor and sdwdate until sdwdate succeeded, i.e. until the clock is unlinked from all other VMs. (T533)
On the Qubes-Whonix side this does not work well yet #usability wise.
The real solution would be T534, but that is hard to implement. Needs tons of time that I currently do not have. I doubt I can implement it in time for #Whonix_14 .
Options are:
disable this new feature in Qubes-Whonix [1]
leave it enabled, but then users would have really bad usability [2]
somehow magically find a contributor who implements T534 [3]
Which option do you suggest? @marmarek
[1] Enabling / disabling this feature is as simple as an /etc/whonix_firewall.d/ config snippet drop-in.
2017-04-13 12:53:33 UTC
2017-04-13 13:42:36 UTC
I forgot about one option.
Accepting that there will be X tray icons for X number of
What do you think about option 4)?
marmarek (Marek Marczykowski-Górecki):
I’m not sure about sdwdate-gui details,
Code wise at the moment it’s rather simple. Below 200 lines of python3 code.
sdwdate-gui/usr/lib/python3/dist-packages/sdwdate_gui/sdwdate_gui.py at master · Kicksecure/sdwdate-gui · GitHub
but could it be started in a
Let’s call this option 5).
Perhaps. Still too much work.
Not having notifications that never be closed. (Just now got one withnotify-send --expire-time=0 test where the X button does nothing.)
Close the no longer needed notifications.
Have a concept of persistent-because-in-progress types of
And I speculate Joanna would hate to see a user auto starting like 4
I guess usability wise 5) could be worse than 4)?
2017-04-13 13:57:40 UTC
What about hiding sdwdate-gui icon when time is synchronized? So, have an icon only when there is some problem or sdwdate is still bootstrapping? This isn’t ideal as actions like restart/stop will be unavailable, but maybe good enough for now?
2017-04-13 17:39:21 UTC
Another issue at the moment with sdwdate-gui in Qubes is, that users
That’s more of a general Qubes issue. Should I try to work around it by
Same is true for the hover over passive tooltips. Should I add the Qubes
marmarek (Marek Marczykowski-Górecki):
marmarek added a comment.
What about hiding sdwdate-gui icon when time is synchronized? So,
Let’s see.
a) a mode where sdwdate-gui terminates itself or shows no systray
b) another mode where sdwdate-gui works normally
or just deprecate mode b)?
sdwdate-gui would need a concept of “timesync done”. At the moment
May also seem a bit strange, systrays that come and vanishes? After
2017-04-14 18:09:03 UTC
! In T658#12969, @Patrick wrote:
That’s more of a general Qubes issue. Should I try to work around it by
Same is true for the hover over passive tooltips. Should I add the Qubes
This is indeed valid issue. In general case adding VM name inside tooltip isn’t good, because VM can spoof it. But since we don’t have anything better now (there is very little space around tray icons), IMO it would be ok here.
sdwdate-gui would need a concept of “timesync done”. At the moment
Existence of /var/run/sdwdate/success?
Indeed this may be a bit strange, but not so unusual - for example some graphical package managers shows an icon only when updates are pending. Yes, IMO it would be better than multiple persistent systrays - if for nothing else, for saving space in notification area. I’d add it as a separate mode, and deprecate it after implementing proper solution (T534).
2017-04-16 12:09:05 UTC
2017-04-16 16:26:03 UTC
2017-04-16 17:32:34 UTC
2017-04-27 18:04:22 UTC
2017-05-03 01:19:46 UTC
I think we can ignore the results when three of them are not very close. It should still be more efficient than multiple instances.
In this case all three sources would need to be off to similar degree to mess up VMs
2017-07-23 16:03:33 UTC
2017-12-02 19:26:35 UTC