I just wanted to thank you for this amazing feature! Works perfectly, and installing is very easy!
Thanks again for all the good work!
2 Likes
Regarding the systray I can maybe take a look at it again. On KDE this was buggy, maybe things changed for XFCE, this could also include an indicator if the disk is set to ro.
@anon81913862
Thatās certainly true. Regarding anti-forensics there is probably not much that can beat Tails. Though, one should always apply FDE on the host or you could also configure the host to be a live system too, as long as you use something Debian based. imho that comes close to what Tails calls amnesia, minus that it will be somewhat harder to hide the fact that you use an encrypted OS. Iām a bit biased of course 
1 Like
At a first glance it looks like it is easy to implement with xfce4-genmon-plugin.
Any whishlist for the icons? Otherwise Iāll leave it that way and maybe just remove the text next to the icon, itās either too small or takes away lots of space. genmon runs a small script in the background and checks if live mode is enabled and if the disk is set to read-only.
2 Likes
A desktop environment agnostic solution would be more ideal but this one also looks great!
What would be the right package to add the code? (GUI vs CLI) Any dependencies?
Looks cool as is atm. I like that sdwdate-gui was enabled by default without any config declaration needed.
I like the green arrow and Live.
How often is the script run?
Live mode is enabled.
Sounds good.
Live mode is enabled but it is still possible to write to the disk. Please power off the machine to set the disk to read-only.
Sounds good, however can we add a link? Reason: Iād rather show users the link upfront so they donāt post this message or a sceenshot of it then asking for support.
You are using persistent mode.
Technically correct. Perhaps we can keep that. However, can we explain this a bit better? Someone who never heard about it will be lost at hello. āWhat does that mean?ā Maybe something likeā¦
You are using persistent mode. In other words, you are NOT using live mode. All disk changes will be preserved after reboot. If you would like to use live mode, see link.
I donāt like my own wording very much but thatās the rough idea what to communicate.
Iād add it to the xfce4-desktop-config since it sits in the panel anyways. It has a few dependencies but I think most of them are already in a default XFCE installation.
Can be adjusted. I guess setting the time to once a day/week/year would be sufficient, so it does not run every few seconds but only once during boot.
I donāt think a link will work, you can add the ālinkā to the description when you hover over it but users would need to manually type it into the browser bar. A link would also only make sense on the workstation where the browser is installed.
However, the plugin supports some actions on clicking either the text or the icon.
https://goodies.xfce.org/projects/panel-plugins/xfce4-genmon-plugin
So on the workstation you could open the browser and direct it to the right wiki page. Iām not sure how feasible it would be to use offline documentation
Algernon:
Iād add it to the xfce4-desktop-config since it sits in the panel anyways. It has a few dependencies but I think most of them are already in a default XFCE installation.
Alright.
Can be adjusted. I guess setting the time to once a day/week/year would be sufficient, so it does not run every few seconds but only once during boot.
Great!
I donāt think a link will work, you can add the ālinkā to the description when you hover over it but users would need to manually type it into the browser bar.
Letās do this anyhow. Hopefully users will then rather first instinct to
type the link or google rather than ask in forums.
A link would also only make sense on the workstation where the browser is installed.
Letās do it on the gateway anyhow. A bit inconsistent but therefore code
can be shared and kept simple. Can write something like āopen that link
in Whonix-Workstationā.
However, the plugin supports some actions on clicking either the text or the icon.
panel-plugins:xfce4-genmon-plugin:start [Xfce Docs]
Cool!
So on the workstation you could open the browser and direct it to the right wiki page.
Sounds great!
And on the it would be handled by open-link-confirmation. I guess thatās
good enough.
Iām not sure how feasible it would be to use offline documentation
No one working on it. Unrealistic at this point.
The following may be pushing it. Please donāt feel obligated to implement. Brainstorming.
What about right click functions such as:
- switch to read-only
- switch to read-write
(Perhaps better descriptions?)
And then remount. Is that even possible?
Would of course only work for those who donāt set the disk setting to read-only.
Switch to read-write could then be grayed out (or somehow better illustrated) for those who did set the disk setting to read-only.
Crazy idea? 
What about selective persistence? (Similar to Tails.) Perhaps weād ship a second virtual hdd by default that could be manually mounted? (Use case: change mind after starting into live mode to persist some files on demand.)
Maybe less crazy idea?
I already opened some pull requests, the āclickingā function is going to be in the next revision.
In any case you would need new buttons for that. Right clicking on the genmon icon will always open a small config menu.
Iām not sure if this would be possible. I think I tried something like that once and was not that succesful. The overlay filesystem is setup very early in the boot process. And even if it works there might be some edge case like, what happens when you install some packages and switch between the modes.
Should be possible in principle though I actually never tested the integrated persistence features of the Debian live tools. Iād see a usecase for storing normal files, documents ā¦ i.e. when you always run live mode and just want to store some stuff. Not so much for packages or even general updates. This is what the normal persistent mode is for, which has less chance for breakage. When installing packages you also always consume RAM since they will be stored just in memory.
Of course the shared folder or maybe some other attached HDD/USB drive from the host could also be used for persistence.
2 Likes
https://github.com/Whonix/anon-meta-packages/pull/18
The latter one please remind me to merge once porting to buster.
Small fix for buster. by Algernon-01 Ā· Pull Request #3 Ā· Kicksecure/grub-live Ā· GitHub and Add live mode indicator. by Algernon-01 Ā· Pull Request #3 Ā· Kicksecure/xfce-desktop-config-dist Ā· GitHub is compatible, tested with stretch, I suppose?
Not tested but looks excellent!
All except https://github.com/Whonix/anon-meta-packages/pull/18 merged, build, and uploaded to developers repository. Will flow to testers and other repositories as usual.
Yes. I build normal stretch KVM images with those. After I upgraded an image to buster systemd was hanging at some live-tools job during normal shutdown. ānoejectā prevents that and wonāt hurt on stretch.
2 Likes
Could you replace /home/user/.tb/tor-browser/Browser/start-tor-browser --allow-remote with x-www-browser please?
Reasons:
- less Whonix specific
- works without Tor Browser installed
- more standard conform
After else youāre using only <click> but not <txtclick>? Is this on purpose? Because for the other conditions youāre using both.
Just now added. Seems so logical. Let me know if this was wrong.
Do you know how to add the shared folder path as one of Thunarās fav destinations (along with home, desktop and so on)?