Testers Wanted!
Download VirtualBox:
Download KVM:
Not yet available.
Release Notes:
https://www.whonix.org/wiki/Whonix_Release_Notes#Whonix_14
Changes since last update of release notes:
TODO
Thanks to @Algernon for contributing the Whonix XFCE version!
after enabling tester repo + update/upgrade.
connection lost , then i went to acw to reconnect and thats what i got.
Tor logs: (after restarting gw , connection rebacked)
Too long , posted here:
[s]PrivateBin
Edit: This is only occur if you upgrade from old testing build.
after update whonix-ws xfce with tester repos , connection lost.
what commands to debug it?
Edit: This is only occur if you upgrade from old testing build.
remove okular as its DE dependent , use xpdf
Edit: okular package seems to be removed in ws , but its icon still there
so as kgpg. ← This is only occur if you upgrade from old testing build.
these issues occurred by upgrading the old testing xfce.
gonna redownload/reinstall the new version. (dont upgrade , just install he fresh version)
Fresh installation of xfce testing:
Add Tor Browser as the default browser instead of debain sensible browser.
Add Thunderbird to Mail reader (after Thunderbird/debian packaging fully recovered)
install unrar-free by default to whonix, as its useful to unrar .rar inside whonix.
just saw that telnet installed by default even in Qubes-Whonix, please remove this package for security purposes.
Desktop shortcuts: just delete.
whonixcheck should show if networking is down. Probably the bug where upgrade of whonix-firewall breaks networking.
fix fail closed mechanism
https://phabricator.whonix.org/T875
telnet is a dependency of GitHub - Kicksecure/tor-ctrl: Raw use of tor's controller. The protocol is no longer recommended for remote connections but fine for use in local network. The package installed by itself does not cause any security risk. telnet does not run itself.
Not convinced, I haven’t seen any rar file for ages and no users asking about it ever.
No. Debian default. See:
About showing DOS/Windows: ignore this level of sometimes non-nonsensical output. Too much expected perfection. Unrealistic. See:
Frequently Asked Questions - Whonix ™ FAQ
Dependency.
Will get back to the other items later.
TNT BOM BOM:
- Duplicate icons of Tor Browser
One of them is x-www-browser. General Linux problem. Can’t fix.
https://blog.codef00.com/2011/02/18/the-default-browser-on-linux-debacle/
TNT BOM BOM:
- Hide that message or Remove Browse network icon? (not sure whats the good solution for it)
Trying to implement. If it works it will be done in new builds only.
Please review. @Algernon
TNT BOM BOM:
- Add Tor Browser as the default browser instead of debain sensible browser.
sensible-browser is not a real browser. sensible-browser is part of
Debian -- Details of package sensible-utils in stretch.
This package provides a number of small utilities which are used by
programs to sensibly select and spawn an appropriate browser, editor, or
pager.
The specific utilities included are: sensible-browser sensible-editor
sensible-pager
So when you start sensible-browser from command line, does it start
Tor Browser? If yes, then it works as expected. Then the implementation
of GitHub - Kicksecure/tb-default-browser: Configures system to use /usr/bin/torbrowser as default browser is working.
TNT BOM BOM:
- Remove non-gui restart Tor (cause confusion)
Done.
sensible-browser starts the tor browser. The kde stuff is pulled in mostly through kdesudo it seems, we already have a thread for this. Etc/UTC and UTC are the same. Thunderbird should indeed be installed on the workstation, I’d also add some kind of archive manager like xarchiver + some utils like xz, zip … on KDE there was ark for that purpose.
thunar.xml:
change network://"/ to network:///"/
Confirmed. No change required.
Indeed.
Done.
Fault of kdelibs. Ideally we’ll get rid of but we may or may not. Root cause is kdesudo vs gksudo. Not a security issue, just a usability issue. Discussion here:
Technical:
dpkg -S /usr/share/applications/kde4/ktelnetservice.desktop
kdelibs5-data: /usr/share/applications/kde4/ktelnetservice.desktop
dpkg -S /usr/bin/ktelnetservice
kdelibs-bin: /usr/bin/ktelnetservice
dpkg -S /usr/share/applications/kde4/kmailservice.desktop
kdelibs5-data: /usr/share/applications/kde4/kmailservice.desktop
Exec=kmailservice %u
dpkg -S `which kmailservice`
kdelibs-bin: /usr/bin/kmailservice
This was also my conclusion.
Therefore this issue is considered invalid.
If you disagree please demonstrate an actual malfunction, i.e. timezone leak, timezone mismatch, default timezone gmt shown somewhere or anything similar.
For reference here:
remove browser starter in xfce task bar
https://phabricator.whonix.org/T876
Some detail enhancements / usability fixes are doable which we can incorporate in upgrades / subsequent releases. Please create https://phabricator.whonix.org tickets for anything still missing.
Overall Whonix for VirtualBox with XFCE 14.0.0.9.6 - Release Candidate 1 seems to works well enough. Better than Whonix KDE version. Unless some major bug is found, this version can probably soon be released as stable Whonix default download.
This was a bug. Most likely this one.
fix fail closed mechanism
https://phabricator.whonix.org/T875
Fixed after reboot most likely. Fixed in this 14.0.0.9.6 build.
In such cases next time please run whonixcheck.
Not good argument pick on security, just because its not running doesnt mean its not risky. openssh-server doesnt run by itself but its a risk being there. actually any program or package doesnt run by itself (as assuming thats the default for almost all packages), but that doesnt mean its fine to install them by default for all users. also the real issue that telnet exist in WS & GW which give it more risky privileges on Whonix Design.
Because most of our community atm are techy linux users, and we left Windows long time ago. Thats why we dont hear about it much, although when users drag/drop or download .rar then they need to search for how to open it up. and i dont see much problems/risk of having it specially in the WorkStation.
rar is still a widely used file format and in my opinion should be supported out of the box to be more beginner-friendly.
In addition to that, I’d like to see thunar-archive-plugin installed, so thunar can handle archives. I personally would use file-roller but if you want to keep it smaller xarchiver will also work (although it’s drag&drop is kinda useless).
Thank you for switching to xfce.
Whonixcheck not one time pass --leak-tests:
This don’t look like a temporary problem, it always happened to me during tests.
Sure 14.0.0.9.6?
Sure not 14.0.0.9.4? That build had that issue.
To debug please run in workstation:
sudo ls -la /etc/resolv.conf
To fix (required for build 14.0.0.9.4 only) in workstation:
sudo apt-get install --reinstall anon-ws-dns-conf