Whonix Repository

anonuser · January 25, 2014, 4:14pm

also comment on this Spoiled Onions

Can we block bad exit nodes listed below?
http://www.cs.kau.se/philwint/spoiled_onions/#data
these are only 25 of 1000
what are the rest of them?

Patrick · January 25, 2014, 5:35pm

Please create separate topics next time.

Whonix is vulnerable to all attacks against Tor or the Tor network.

Fortunately, the blog post tells us, that recent versions of Tor aren’t affected by this anymore.

See also:

Against these kinds of problems, there is no simple fix such as “install this and set up this and be fine”. We need serious competition for Tor. More independent research, founding, development, etc. If not you, now, who and when?

Patrick · January 25, 2014, 5:36pm

[quote=“anonuser, post:21, topic:26”]also comment on this Spoiled Onions

Can we block bad exit nodes listed below?
http://www.cs.kau.se/philwint/spoiled_onions/#data
these are only 25 of 1000
what are the rest of them?[/quote]
The answer is, should be worked on upstream, not in Whonix:

anonuser · January 26, 2014, 4:43pm

is it really not recommended to use ExcludeExitNodes {country} if you want to block specific countries?
How can it damage anonymity?

Patrick · January 26, 2014, 5:01pm

is it really not recommended to use ExcludeExitNodes {country}

Yes.

How can it damage anonymity?

Quote: How can we help? | Tor Project | Support

You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand.

If you are more clever than the Tor developers, by all means, feel free to modify the routing algorithm.

anonuser · January 27, 2014, 1:14pm

I am more clever than Tor developers but not in the field of TOR.

anonuser · February 7, 2014, 5:36pm

Why have you used debian stable instead of debian testing in the last release?
Can i upgrade from 7.7.2 to 7.7.6 using the whonix repository? Is this possible if my build is based on debian testing?
Is it better to disable debian repository and to leave whonix repository?
Can you include all debian packages into your repository so that we could upgrade all packages from one server?

Patrick · February 7, 2014, 6:41pm

Why have you used debian stable instead of debian testing in the last release?

I just updated the chapter in the wiki explaining why: https://www.whonix.org/wiki/Dev/Operating_System#Why_is_Whonix_8_based_on_Debian_Stable.2C_not_Debian_Testing.3F

Can i upgrade from 7.7.2 to 7.7.6 using the whonix repository?

No.

Is this possible if my build is based on debian testing?

Switching from Debian testing to Debian stable would be a downgrade and is generally recommended against. (Possible, as expert, probably yes.)

Is it better to disable debian repository and to leave whonix repository?

Please don't disable Debian's repository. They provide critical security upgrades for most* packages. Disabling Whonix's repository and therefore upgrading Whonix's Debian Packages from source code is possible.

(*most: all packages installed from Debian, not for Whonix packages, not for self-installed software from other sources, not for Tor Browser)

Can you include all debian packages into your repository so that we could upgrade all packages from one server?

In theory, it's possible. In practice, Whonix is too young and small a Linux distribution for something of that magnitude. Would require too much resources. Also benefits currently seem lower than gain.

anonuser · February 11, 2014, 10:40am

Whonix check gives this error during the last week or so:
Whonix News Download Result: Could not OpenPGP verify authenticity of Whonix News whonix_news.tar.gz!!! (gpg return code: 2) This is either a Whonix Bug or an attack on Whonix!!!

What should we do?

Patrick · February 11, 2014, 10:52am

My mistake. Signed with the wrong key. Now fixed. Thanks!

anonuser · February 13, 2014, 1:06pm

I still got the error [ERROR] [whonixcheck] Whonix News Download Result: Could not OpenPGP verify authenticity of Whonix News whonix_news.tar.gz!!! (gpg return code: 2) This is either a Whonix Bug or an attack on Whonix!!!
again.
Whonix repository is disabled. Is that the cause of the error?

Patrick · February 13, 2014, 6:33pm

You’re using 7.7.2, right?

I uploaded Whonix News v3 again signed with my old key. It should fix it.

I tested Whonix News for Whonix 7 and next testers-only version (7.7.8.6) (which I am currently uploading). Maintaining (i.e. making sure Whonix News and upgrading works) probably won’t be possible for me.

Whonix repository is disabled. Is that the cause of the error?

No.

anonuser · February 15, 2014, 2:11pm

Yes it was 7.7.2
The issue has been fixed by you, thanks!