Menu
▾
▴
whonix-devel — Whonix Development Public Mailing List
You can subscribe to this list here.
| 2012 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(2) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2013 |
Jan
(4) |
Feb
(4) |
Mar
(38) |
Apr
(19) |
May
(25) |
Jun
(23) |
Jul
(3) |
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
|
From: adrelanos <adr...@ri...> - 2013-09-26 01:50:04
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Please test and leave feedback! This will probably become the next version of Whonix. Download links: * http://sourceforge.net/projects/whonixdevelopermetafiles/files/whonix-6/Whonix-Gateway-6.ova/download * http://sourceforge.net/projects/whonixdevelopermetafiles/files/whonix-6/Whonix-Workstation-6.ova/download OpenPGP signatures: * http://sourceforge.net/projects/whonixdevelopermetafiles/files/whonix-6/Whonix-Gateway-6.ova.asc/download * http://sourceforge.net/projects/whonixdevelopermetafiles/files/whonix-6/Whonix-Workstation-6.ova.asc/download Changelog: * Tor 0.2.4 * obfs3 installed by default * higher console resolution 1024x768 (without X) * The current Tor Browser Bundle (TBB) Alpha, which will soon become the new TBB stable, will work out of the box in Whonix, even if you download and install it manually from torproject.org. This is useful for the case, that the Whonix Tor Browser updater breaks again, because torproject.org changed something. Tor over Tor will be prevented. * Graphical Whonix-Gateway. Optional. If you reduce Whonix-Gateway RAM below 500 MB (this and every other aspect of this feature can be configured), lets say to 128 MB, you automagically end up with the usual non-graphical Whonix-Gateway. * Whonix has now an updater. I can not promise, that you never have to download a new image, when next stable version of Whonix gets released, but we are on that way. Interested testers may have to download a new (test-)image from time to time, since we also need to test the out of the box user experience. * First Time Connection Wizard: Whonix now comes with Tor disabled by default and you have to run the Whonix First Time Connection Wizard, called whonixsetup. You will get a notice, to do so. This is useful for users who never want to connect to the public Tor network, because they want to hide the fact, that they are using Tor. This kind of users can now more easily set up (private) (obfuscated) bridges before ever trying to connect to the Tor network. * Fixed uwt. To do certain tasks such as installing the Adobe Flash plugin or running update-command-not-found you no longer need to "chmod -x /usr/local/bin/curl". * Manpages for scripts, which come with Whonix. * /etc/whonix.d/ and /etc/whonix_firewall.d/ .d style configuration folders. * Deactivate the kgpg tray icon by default (#10), not perfect, but less confusing, since it will now hopefully start in foreground * Boot Clock Randomization * Time Sanity Check * torbrowser: Downloading Tor Browser and signature from http://idnxcnkne4qt76tg.onion/dist/torbrowser/linux instead from https://www.torproject.org/dist/torbrowser for better security when run inside Whonix. (Not sure if we can keep this, due to upstream weaknesses with hidden services scaling.) * optional Time Privacy wrapper * enable "apparmor=1 security=apparmor" by default (but didn't enable enforce mode or added any useful profiles) * moved blog to wordpress.com, better than sourceforge, because wordpress.com supports SSL, closed #23 Cheers, adrelanos -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJSQ5IzAAoJEJwTGtNxOq7v6BUQAIVybroHG9nEST5FZrY+yCp8 xx1mJsJdtKuQcKBNeN5TN7YIw/qwtsKSS3JibdRkPYimQGnTp/QwEwk5L0C9dTch wBmao2WfTKXdBpwSuConvjxYnIslF2Rv5ROCI/U37BANfBgpFUWBNwKf6idm5Igo XUSZk2S3XHy1q7l/dj5idEd+xk6fv1gCojcwRaPGqQ/D8Vj8mTwBw1Fy7vkaJvEg IVx7O05hPAzkVJ3VqVkdJpWEy0GGNm0lpSptbBufaTDVQn1e8X1lT91NY1mpGGm+ JOVC7qS86rtTia26GGdPb7rYOX2/5n2TatOQZIctEB9/X9v0THiZGXyxo+nL4Z6W Hp0lklie34YvNVcqa6X+C3D1wnPhyje2ytZNLhcOVVpMiFL+ceW+mibCF3i6d+Nu h7DxBBWrW01LfhPK2JSaClzSakuWdo5q6FAR5TU+bIr4vg/yDn0iGs5fPZU6SYlR YhbfWD6nHhjIGvKdU/VRLgiRuUQpcNgtNOXAPOaMeS7qqLX2JSnZcml+Rq6ae0mF bAkHYcejPcp8+du2swD+GvkVlQI+D1Ms4fBN2b03zUZ/HTcLQfIRzdh9aLFl8OST nvML95g3c9yWI4b3TW7HUauo4SKOB4ePln6P7Xp13bkMmFcn5YvSI2d3TEWvC4lm JMgOASMIxpZ4n6p+p/25 =qRrq -----END PGP SIGNATURE----- |
|
From: adrelanos <adr...@ri...> - 2013-07-11 03:22:29
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear whonix-devel List Member, this will probable be the last message from whonix-devel at lists.sourceforge.net. The whonix-devel mailing list has been migrated from sourceforge to whonix.org. So we now got ride of the sourceforge advertisements. The new mailing list web interface can be found here: https://whonix.org/cgi-bin/mailman/listinfo/whonix-devel If you want to unsubscribe, go to: https://whonix.org/cgi-bin/mailman/listinfo/whonix-devel If you want to post to the new whonix-devel mailing list on whonix.org, mail to: who...@wh... There is now also a new, separate whonix-users mailing list, in case you're not interested in the developers messages: https://whonix.org/cgi-bin/mailman/listinfo/whonix-users (No one has been signed up for whonix-users.) (You have not been unsubscribed from whonix-devel on sourceforge, but if everything goes well, you shouldn't get new messages from it. Lets hope the new list works perfectly, just in case.) Best regards, adrelanos -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJR3iTZAAoJEJwTGtNxOq7vPZkQAKw559sbb1LYrnnfrYEPZk0a pswI5oOnmL1U9cXEJ9v93h3U2XtVPWY4Dp4mMeWTsJAiFwhGnA7pES4+H2lPbjbc XPmcNidV3g1nqS4hhnMVtzDT8IsVEgUXxTuuQ29y+X+4XdazwcR55NVHqSOmNIhc fWDA9yrAL5DAt2oJg8WOnRG+M95vzQbuLOFe06EKqB/e6rtlakO1oPLAuNiDfHMZ t08mUsYtEbXRYmOfG+XaRYu6PTbNfYqlxaImCM1Q96whWXGJd7QLQhBvs+GJwq3L RhrmFBDD7mfcfqjtL9j1tzb2tw4m4x25NCPpTHKs2kh7492/bmxSOGTHciEiVrQ5 5wNJf0SXlabTond8amPA5KivxEF+CRyZLNK/6D9//SiRn5c1H7Q+oTFWhM2Zi3Pu cDdhoS8pW3OT0izeIczSElhUv8rgL2GAqdXqHwf8qyalZNFKWXeCMQkFjYX196zm 9DfOwUK80DxcTRSBaG6zn7aZ16JOoiuhk0zJ4p5FISS11VQwg+Io+o+eoRZKBkmi 7ECTekE82Dw2Gb8xDkgW3l8snlJWiBVfgmolPuHhScyXqjWjK57rRV1ABA2GV/15 5eHDns1VUuifVuMv4d9r+LVYtEMBIQ0FYK05vV5aYBP+5XfiWXJm5SgQw4XlwY3D sTwngpkHHhx9WAmiuko3 =r8oa -----END PGP SIGNATURE----- |
|
From: adrelanos <adr...@ri...> - 2013-07-09 22:43:41
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Its been a while since the latest release of Whonix. Was a busy and effective development time. The name of this testers-only version is: whonix-97adretemp. This release isn't perfect yet, but it needs your feedback! Not everything has been documented already. However, I haven't found any anonymity related bugs. There are minor annoyances and minor missing things, such as desktop icons. Regular users easily annoyed by bugs are advised to stick with Whonix 0.5.6 until a new stable version of Whonix gets released. Actually we could have released new versions much more early, but since there is no release manager, it took a while. Download links: * http://sourceforge.net/projects/whonix/files/testers-only/whonix-97adretemp/Whonix-Gateway.ova/download * http://sourceforge.net/projects/whonix/files/testers-only/whonix-97adretemp/Whonix-Workstation.ova.asc/download OpenPGP signatures: * http://sourceforge.net/projects/whonix/files/testers-only/whonix-97adretemp/Whonix-Gateway.ova.asc/download * http://sourceforge.net/projects/whonix/files/testers-only/whonix-97adretemp/Whonix-Workstation.ova.asc/download Documentation, which will be released when this test version becomes the stable version, is here: * https://sourceforge.net/p/whonix/wiki/Next/ Highlights: * higher console resolution 1024x768 (without X) * The current Tor Browser Bundle (TBB) Alpha, which will soon become the new TBB stable, will work out of the box in Whonix, even if you download and install it manually from torproject.org. This is useful for the case, that the Whonix Tor Browser updater breaks again, because torproject.org changed something. Tor over Tor will be prevented. * Graphical Whonix-Gateway. Optional. If you reduce Whonix-Gateway RAM below 500 MB (this and every other aspect of this feature can be configured), lets say to 128 MB, you automagically end up with the usual non-graphical Whonix-Gateway. * Whonix has now an updater. I can not promise, that you never have to download a new image, when next stable version of Whonix gets released, but we are on that way. Interested testers may have to download a new (test-)image from time to time, since we also need to test the out of the box user experience. * First Time Connection Wizard: Whonix now comes with Tor disabled by default and you have to run the Whonix First Time Connection Wizard, called whonixsetup. You will get a notice, to do so. This is useful for users who never want to connect to the public Tor network, because they want to hide the fact, that they are using Tor. This kind of users can now more easily set up (private) (obfuscated) bridges before ever trying to connect to the Tor network. * Fixed uwt. To do certain tasks such as installing the Adobe Flash plugin or running update-command-not-found you no longer need to "chmod -x /usr/local/bin/curl". * Manpages for scripts, which come with Whonix. * /etc/whonix.d/ and /etc/whonix_firewall.d/ .d style configuration folders. * Deactivate the kgpg tray icon by default (#10), not perfect, but less confusing, since it will now hopefully start in foreground * Boot Clock Randomization * Time Sanity Check * torbrowser: Downloading Tor Browser and signature from http://idnxcnkne4qt76tg.onion/dist/torbrowser/linux instead from https://www.torproject.org/dist/torbrowser for better security when run inside Whonix. (Not sure if we can keep this, due to upstream weaknesses with hidden services scaling.) * optional Time Privacy wrapper * enable "apparmor=1 security=apparmor" by default (but didn't enable enforce mode or added any useful profiles) * moved blog to wordpress.com, better than sourceforge, because wordpress.com supports SSL, closed #23 For other changes I may have forgotten, there is a giant changelog: * https://whonix.org/wiki/index.php/ChangelogNEXT -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJR3JIFAAoJEJwTGtNxOq7vihQQALLH6v8x4CPP0tfkt9V2bLdR PGVUd03sZQgmRb+nKl08RaTDHtaTFIh0ji/IayLo1A2cjkDO5M8qRpkczxYmmjYa jcpJHMakftTLLo38cyFapfUIkVa9CYfl/1oriX9k3N+no+cn1qhnhSu4lRHFNt42 TsjPOU6kUjXTIrRzxwLj6f+StlwKvaAKkdtYQhfDEaKgkepnslCCnbMTSSNYj+SZ CZLrDGx0tIWGksgCMyV1Z+NrzUfFvO5T2JOQdX3GYnc1MvrHdfx3ntWYs+oprQy1 OLquUSyu001Vh5KW/XTC5+lKk2d5Uw2JL44uLk62/xUhYWqb0BzFLRPM5OBmAJOR jNjulhvEZEvPUiLti6L7PPSBY2h74chvQZruzmNASXbQ4kbq3qpmPCQIZ44DtVFq TQ3qOhERO0Ukbgm7TgvvpeZuYMT8zCNoU8J3pR/y7Cxsfy9laF5VQgdeirvTAJaf pufXf5VROU2g2ZvwpVSg9zGVeYS3amaQrqah9v6bustxryHXLhsLXmsuVoJOTYti b0Jr+14NbGrXjbtiy+aobqtz3Olm/n+Q7qks+J2bPcDfhUy0+4avG/2JYMSaBPLC Y7u8kjNKxdSJIR8Lx7b0llMf/pmBausFZwqkOSfea0F/+yWU87UzO+38eJhI0vGB Ol0qo98PTvuCHbnwkCi3 =Wv1a -----END PGP SIGNATURE----- |
|
From: adrelanos <adr...@ri...> - 2013-07-09 04:26:40
|
Only 1 in 22 persons (or worse) who download Whonix verify signatures using OpenPGP as recommend on the download page. Therefore, optionally we may from now start providing BitTorrent downloads. BitTorrent has several advantages and disadvantages. The good news is, if you download the .torrent file from a HTTPS secured page, such as whonix.org (migration from sourceforge to whonix.org still in progress, there will be a news about whonix.org later), in theory, the download won't be as safe as if you used OpenPGP verification, but at least as secure as HTTPS. The disadvantage is, while you can easily download Whonix over http using the Tor Browser Bundle, hiding the fact, that you are downloading Whonix, you can not easily, anonymously download .torrent files over Tor. [1] The BitTorrent files are here: https://whonix.org/download/0.5.6-torrent/Whonix-Gateway.ova.torrent https://whonix.org/download/0.5.6-torrent/Whonix-Workstation.ova.torrent If applicable, please try to download them and report if it worked for you. If you want to contribute, please seed this files until a new version of Whonix is released. Don't worry. Http downloads from sourceforge.net will be possible as long as sourceforge provides this great service. OpenPGP signatures will remain available. [1] http://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea |
|
From: adrelanos <adr...@ri...> - 2013-06-28 18:15:52
|
adrelanos: > Just a small note: > > I think we can use article names with spaces inside, such as > > [[Hide Tor and Whonix from your ISP]] > > because media wiki makes a nice underscore _ for the spaces. And if we didn't do it in the middle, we just create redirects from one version to the other. |
|
From: adrelanos <adr...@ri...> - 2013-06-28 18:08:28
|
Just a small note:
I think we can use article names with spaces inside, such as
[[Hide Tor and Whonix from your ISP]]
because media wiki makes a nice underscore _ for the spaces.
|
|
From: Vladimir A. <vla...@ap...> - 2013-06-24 22:31:53
|
On 06/24/2013 09:32 PM, adrelanos wrote: > Vladimir Arseniev: >> Belatedly, I've tested this script in Ubuntu 12.04.2, and it works >> perfectly! All non-VPN traffic is blocked, and the VPN can (re)connect >> while the rules are enabled. >> >> Thank you very much for this, adrelanos :) > > Thanks, so this script has at least two users. :) I'm writing tutorials for iVPN support, so you may get more :) In particular, I'll be explaining how to set up VM hosts that never see the Internet except through VPN services. |
|
From: adrelanos <adr...@ri...> - 2013-06-24 17:32:44
|
Vladimir Arseniev: > Belatedly, I've tested this script in Ubuntu 12.04.2, and it works > perfectly! All non-VPN traffic is blocked, and the VPN can (re)connect > while the rules are enabled. > > Thank you very much for this, adrelanos :) Thanks, so this script has at least two users. :) |
|
From: Vladimir A. <vla...@ap...> - 2013-06-24 02:49:04
|
On 05/01/2013 05:32 AM, adr...@ri... wrote: > This is only interesting for VPN users. > > VPN's generally fail open. VPN servers and VPN software can occasionally break down without announcement. This means, if the VPN is unreachable, connections breaks down for whatever reasons and so on, in most cases, you can continue to connect to the internet without the VPN. Unless you are only using the VPN to circumvent censorship and not because you believe you're safer because of any (additional) VPN, this is most likely something you want to prevent. > > This is not a Whonix specific problem. It is a general problem with VPNs. Most users are simply not aware of it. > > There are some blog posts about this topic, but no real Open Source / Free Software project supporting Linux. Therefore the VPN-Firewall project has been created by adrelanos (Whonix maintainer), providing tight firewall rules to prevent connecting to any other servers than the VPN server and to load the firewall before the network, so it's ensured, that all traffic goes through the VPN. > > If that's of interest to you, carefully check out the VPN-Firewall project page: > [https://github.com/adrelanos/VPN-Firewall](https://github.com/adrelanos/VPN-Firewall) > > URL: http://sourceforge.net/p/whonix/featureblog/2013/05/vpn-firewall---leak-protection-fail-safe-mechanism-for-openvpn/ Belatedly, I've tested this script in Ubuntu 12.04.2, and it works perfectly! All non-VPN traffic is blocked, and the VPN can (re)connect while the rules are enabled. Thank you very much for this, adrelanos :) |
|
From: adrelanos <adr...@ri...> - 2013-06-24 00:49:35
|
Now new, not written by me (adrelanos). Still useful for Whonix and might be useful for others. Therefore I made a backup and share it on github: https://github.com/adrelanos/tor-ctrl No development/maintenance on tor-ctrl planed. Please feel free to take over development/maintenance! |
|
From: adrelanos <adr...@ri...> - 2013-06-23 13:38:18
|
https://sourceforge.net/p/whonix/wiki/ControlPortFilterProxy/ |
|
From: adrelanos <adr...@ri...> - 2013-06-23 13:28:53
|
* https://sourceforge.net/p/whonix/wiki/AboutDebianPackaging/ * https://sourceforge.net/p/whonix/wiki/FlashProxy/ |
|
From: adrelanos <adr...@ri...> - 2013-06-20 14:33:16
|
fortasse: > adrelanos: >> Hi fortasse, >> >> do you speak git? >> >> I was delighted to notice, that git is already installed. >> > I love git! I was using it to pull the old SF.net documentation. Great. >> How did you install mediawiki? From tarball? >> > Yup, installed from > http://download.wikimedia.org/mediawiki/1.21/mediawiki-1.21.1.tar.gz >> How to we keep mediawiki updated while keeping settings? >> > > The Mediawiki wiki has a solid page on upgrading: > https://www.mediawiki.org/wiki/Upgrade Ok. >> How to make a backup? I just run >> >> php dumpBackup.php --current > ~/dump.xml >> >> for now and share that on github? It doesn't include >> users/passwords/permissions, but I don't expect too many users anyway. >> This includes all current pages. > > That should work well. I also have the server provider set up to do > twice-daily images of the disk, but I would hope to use those only in a > dire emergency. Yes. > Should we set up a more robust system? For me its more than fine at the moment. > We could do a > cron job to make those xml dumps and push them to github. Its a nice to have. >> >> Is it ok if I run "git init" in /var/www/wiki? I asked in #mediawiki in >> freenode, there should be no issues. If you know git, you already know >> what it does and if not, it only creates a .git folder. (Its just to >> make it easier to keep track of changes.) >> > > That would be fine. Ok. >> Can I just go ahead and change a few things in LocalSettings.php? (Want >> to enable name spaces.) >> > > Go right ahead. Ok. >> Cheers, >> adrelanos >> > > adrelanos, do you happen to have a SVG or PNG of the whonix logo? I > don't want to use the JPEG on sourceforge. No, I don't have one. > Thanks everyone, and keep up the great work so far! Just you and me at the moment. :) |
|
From: adrelanos <adr...@ri...> - 2013-06-20 14:29:12
|
The first spam bot has registered: http://whonix.org/wiki/index.php/User:Rbx4ta I blocked it manually, but have no idea how to block spam. I think for now it might be easiest/best if we manually give users edit rights after they said hello. |
|
From: fortasse <for...@ri...> - 2013-06-20 13:44:02
|
adrelanos: > Hi fortasse, > > do you speak git? > > I was delighted to notice, that git is already installed. > I love git! I was using it to pull the old SF.net documentation. > How did you install mediawiki? From tarball? > Yup, installed from http://download.wikimedia.org/mediawiki/1.21/mediawiki-1.21.1.tar.gz > How to we keep mediawiki updated while keeping settings? > The Mediawiki wiki has a solid page on upgrading: https://www.mediawiki.org/wiki/Upgrade > How to make a backup? I just run > > php dumpBackup.php --current > ~/dump.xml > > for now and share that on github? It doesn't include > users/passwords/permissions, but I don't expect too many users anyway. > This includes all current pages. That should work well. I also have the server provider set up to do twice-daily images of the disk, but I would hope to use those only in a dire emergency. Should we set up a more robust system? We could do a cron job to make those xml dumps and push them to github. > > Is it ok if I run "git init" in /var/www/wiki? I asked in #mediawiki in > freenode, there should be no issues. If you know git, you already know > what it does and if not, it only creates a .git folder. (Its just to > make it easier to keep track of changes.) > That would be fine. > Can I just go ahead and change a few things in LocalSettings.php? (Want > to enable name spaces.) > Go right ahead. > Cheers, > adrelanos > adrelanos, do you happen to have a SVG or PNG of the whonix logo? I don't want to use the JPEG on sourceforge. Thanks everyone, and keep up the great work so far! > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > _______________________________________________ > Whonix-devel mailing list > Who...@li... > https://lists.sourceforge.net/lists/listinfo/whonix-devel > |
|
From: chiccofx <chi...@to...> - 2013-06-20 07:56:54
|
fortasse: > Per the recent call for webmaster, I decided to pick up whonix.org and > a server for hosting things along these lines: > > http://sourceforge.net/p/whonix/wiki/About%20Infrastructure/#future > > adrelanos and I are working on converting the documentation > (https://github.com/adrelanos/Whonix-documentation) to mediawiki syntax. > > Please feel free to create accounts on the wiki, request shell > accounts, or throw out any ideas on improvements (outside of actually > putting documentation on the site... :P) > > We are also working toward moving the mailing list whonix.org at some > point in the future so we can get rid of these annoying ads. > > I look forward to your input! > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > _______________________________________________ > Whonix-devel mailing list > Who...@li... > https://lists.sourceforge.net/lists/listinfo/whonix-devel Fortasse, Very glad to hear this! I have been exchanging a few ideas with adrelanos on this matter, but I did not had the resources to buy the domain nor the hosting. I am developing (slowly at the moment) an OpenBSD based Whonix Gateway, intended to be used optionally instead of the current one. If you guys need any help setting the server up, I am glad to help in anyway I can. Cheers, -- GPG: 12E9 BCD6 5298 70B5 6C4C 7F1C 8C70 D6ED 188C AACE |
|
From: adrelanos <adr...@ri...> - 2013-06-20 07:01:41
|
Hi fortasse,
do you speak git?
I was delighted to notice, that git is already installed.
How did you install mediawiki? From tarball?
How to we keep mediawiki updated while keeping settings?
How to make a backup? I just run
php dumpBackup.php --current > ~/dump.xml
for now and share that on github? It doesn't include
users/passwords/permissions, but I don't expect too many users anyway.
This includes all current pages.
Is it ok if I run "git init" in /var/www/wiki? I asked in #mediawiki in
freenode, there should be no issues. If you know git, you already know
what it does and if not, it only creates a .git folder. (Its just to
make it easier to keep track of changes.)
Can I just go ahead and change a few things in LocalSettings.php? (Want
to enable name spaces.)
Cheers,
adrelanos
|
|
From: adrelanos <adr...@ri...> - 2013-06-19 12:05:03
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 As for forum (askbot), let's put that on hold for now. Why? Whonix may or may not [1] be allowed the redirect users to the new forum [2] upstream (The Tor Project) wants to build. In meanwhile, the sf forum must do. This can be revisited when more important tasks are done. [1] https://lists.torproject.org/pipermail/tor-talk/2013-June/028594.html [2] http://area51.stackexchange.com/proposals/56447/tor-online-anonymity-privacy-and-security -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJRwZ5WAAoJEJwTGtNxOq7vNxAP/3aO1vcOcTewSEfWc/MVvYrP Sn09ldD7yZlfQGQYJMtsAJ2Xcm85pzRGdBThC8W/ahwuWXoesNq9B5BofPoY++cj YjA94tkzFRTxx9Ezt5q/KYvfJGIBp9gDv94R7SmGWw4/QkfQJ6Vt/eGQ6gFlq52B EVHe+31zaQmjUtIWNIzFzVn1sujvrQqNms8AOJmDUWWm9bL2boL7FtIFjRaiVD71 mpLBWOoHqxmg64QhTybzQApYsCmt4gAvrKByBj2q1wJYo/sz9Zji/dG2/bH7x9eh TCZaWbGIhd3FzFHjk3Isnk3S46yqBr+FfnzFEMdcdUEroK+E9d8otVTlt+9rZaH2 9lRtgd9p+jcShUY1MjXsELEq3ZL/lBl+d8Q1eUxXjQMwYa0VYxPm63TpOOwZEXu1 zsPWdR/pe8MJZY/ECBb0ymOiL8WyV5WzxRWY08zd5BJJ5yZ2UwDAJjko75/i2hug V7WDBMLVroOr/P4Jn2ZKl/+KCSrvfqlO20ohxKxSXYvBdo3WXh+fdkUjpUg/ON6F GqtH0sEWyR5Ugcyxh8N2L/llOXM1eSJXXpcCrG7IlZVIjTUpSB6ZoGNI6alzb2LG oNm3gSF6ssXhst3dHhEu8gkG1K1FsNzv7RKxUg+zLcxcI6C6Toa66+1Q0ZlIpbPr y7HJuagXCuFKmJmmu8yP =S7Fk -----END PGP SIGNATURE----- |
|
From: fortasse <for...@ri...> - 2013-06-18 15:51:53
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Per the recent call for webmaster, I decided to pick up whonix.org and a server for hosting things along these lines: http://sourceforge.net/p/whonix/wiki/About%20Infrastructure/#future adrelanos and I are working on converting the documentation (https://github.com/adrelanos/Whonix-documentation) to mediawiki syntax. Please feel free to create accounts on the wiki, request shell accounts, or throw out any ideas on improvements (outside of actually putting documentation on the site... :P) We are also working toward moving the mailing list whonix.org at some point in the future so we can get rid of these annoying ads. I look forward to your input! -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJRwIHlAAoJEEPTfXfAqYu36egP/05UxeAkr3U2iuWqPG1rKmgI ODg+yTHF9sci3fCdYjbMp/JgqZSG0DxtluaJ9CvQEaprcmUZ/DFwU8Ban3AZnJy7 VOAE6dFPFIhAMZe27nFZcQJAUUbGmREJ/LGUrGWdLcQ8rztdhFmyty8qQVplG2hx hjupzTJEywvYxiqdWVmP7h/idu8nwqxY3K5Mp6bZpFYZ7ChXl7pmNHhreAdbWAxE K1V5UpZOopEx92bGbQJe66obwth45ejsVGml9ReO1FhJkLQnHdI7xiESzf158E+a MeLJ+Ub9XFl9OVGYoN7G5YTgwVGuDOBeXkZqdzWEyWT3Lh1zU37l/oxVQ1kWsYws SV1zGReuc1Bh777iOVt4W5UGPdp3GEQ8MCUOV+N18o1fioOGZM/xa7iJbm7e3764 jEEdpJ1+suf8U9otftFYL+C/Ufwbp/RQkB3YBkR0i+UjbMxSHS3E5gzu1viQ4xi/ isrZzYgFs63TE/nyZr3Mf/ji2SQANR7mpeaxEzBot7adX2YOxH4CwFHT5RrebcoD x4sQ95XCwhBFVrCstk7XI8bPnIb+ZRjusrAyjQ1E3GJq4FUj9cRgYkPpm0LPNO0x cR9u9XvMcglxezn4tJEJCDT9C+OOcv1SXk6vE9y2Tu+OnSqWAkHs4GuvuRMoKClt 81c6pgFNeUOI2mU0WDES =XezD -----END PGP SIGNATURE----- |
|
From: adrelanos <adr...@ri...> - 2013-06-16 22:10:24
|
Whonix Physical Isolation users might who are also interested in Raspberry Pi might be happy to hear, that there is some progress documenting how to use RP to host Whonix-Gateway. An anonymous user posted instructions in Whonix Forum, in case you're interested, see: https://sourceforge.net/p/whonix/discussion/general/thread/2aa20d25/#3ba4 |
|
From: adrelanos <adr...@ri...> - 2013-06-13 15:07:42
|
Whonix has a new bug and feature request tracker. Please post your bugs and feature requests there: https://github.com/Whonix/Whonix/issues In case you are interested in Whonix development or contributing to Whonix development, please register for github, login, go to https://github.com/Whonix/Whonix/issues and press "watch" (at the top). This will sign you up for e-mail notifications. New issues or comments to existing issues will then be mailed to you. |
|
From: chiccofx <chi...@to...> - 2013-06-10 20:47:45
|
adrelanos: > chiccofx: >> adrelanos: >>> How do you plan to replace grml-debootstrap, i.e. the step for creating >>> a base VM image? >> >> I just recently started looking into whonix source code. I believe that >> whonix would have to be built from inside an OpenBSD machine. This could >> possibly break the workstation building process, but I believe that it >> is easier to fix that from inside OpenBSD, than building OpenBSD inside >> linux. OpenBSD introduces changes to the gcc, assembler, linker, etc. >> This: http://www.openbsd.org/faq/faq5.html, illustrates the building >> process. > > Its not a problem, to build Whonix you also need to build on Debian > Wheezy (or maybe above) on hardware or inside a VM. You can't build > Whonix on Ubuntu, unless you want to change a few things and get an > Ubuntu-based Whonix and you can not build on top of Windows and I doubt > you can build it on top of Mac, BSD, etc. Nice. > >> Of course this would only apply to the ones wanting to build from >> source, and these could (or not?) be considered computer literate enough >> to setup a OpenBSD virtual machine (that if they are not already using >> one as host). > > Seems only natural to be, that you have to build the Debian based VMs on > Debian and BSD based VMs on BSD. > > If you want support building a Whonix-BSD-Gateway on Debian, maybe > chroots could work? In this case I believe it would be simpler to adapt things to build on BSD than building the BSD on debian, because there is not a deboostrap similar on OpenBSD. Anyway, crossbuild and crosscompiling always is a bad idea, so building the whonix workstation should be done on debian, and build whonix openbsd gateway should be done on openbsd. > >> Also, the script can detect and only build an OpenBSD gateway if being >> run from inside it (or asked to, or both), if not build the debian based >> gateway. This is the price to pay for extra security, even smaller >> attack surface on the gateway and less RAM needed for it, freeing RAM to >> the workstation (to me this is the most nice, for performance reasons). > > Yes, we can autodetect it and/or use command line options. As soon as I have a setup that I consider stable (pf firewall rules + tor), I will start working on the building process, and virtual machine image generation. -- GPG: 12E9 BCD6 5298 70B5 6C4C 7F1C 8C70 D6ED 188C AACE |
|
From: adrelanos <adr...@ri...> - 2013-06-10 18:58:05
|
Next version of Whonix might include an auto updater. In any case, it will be made as easy as possible to disable it. At the moment its enabled by default. With enough feedback I could get talked into leaving it disabled by default and only notify about updates and then letting people enable it. Please also leave feedback, if you think it's fine as it stands and should be enabled by default. The documentation for next Whonix version is here: https://sourceforge.net/p/whonix/wiki/Next/#trust I tried to be as verbose as possible for any security implications as possible. Tell me, in case the documentation lacks something. The whonix_repository man page is here: https://github.com/Whonix/Whonix/blob/master/man/whonix_shared/whonix_repository.ronn The related git code commit is here: https://github.com/Whonix/Whonix/commit/cfa0c2ee6560c99e4fc591ee9ae76ee1c0677645 Cheers, adrelanos |
|
From: adrelanos <adr...@ri...> - 2013-06-10 18:48:13
|
https://sourceforge.net/p/whonix/wiki/OtherVirtualizationPlatforms/ |
|
From: adrelanos <adr...@ri...> - 2013-06-08 14:12:22
|
chiccofx: > adrelanos: >> How do you plan to replace grml-debootstrap, i.e. the step for creating >> a base VM image? > > I just recently started looking into whonix source code. I believe that > whonix would have to be built from inside an OpenBSD machine. This could > possibly break the workstation building process, but I believe that it > is easier to fix that from inside OpenBSD, than building OpenBSD inside > linux. OpenBSD introduces changes to the gcc, assembler, linker, etc. > This: http://www.openbsd.org/faq/faq5.html, illustrates the building > process. Its not a problem, to build Whonix you also need to build on Debian Wheezy (or maybe above) on hardware or inside a VM. You can't build Whonix on Ubuntu, unless you want to change a few things and get an Ubuntu-based Whonix and you can not build on top of Windows and I doubt you can build it on top of Mac, BSD, etc. > Of course this would only apply to the ones wanting to build from > source, and these could (or not?) be considered computer literate enough > to setup a OpenBSD virtual machine (that if they are not already using > one as host). Seems only natural to be, that you have to build the Debian based VMs on Debian and BSD based VMs on BSD. If you want support building a Whonix-BSD-Gateway on Debian, maybe chroots could work? > Also, the script can detect and only build an OpenBSD gateway if being > run from inside it (or asked to, or both), if not build the debian based > gateway. This is the price to pay for extra security, even smaller > attack surface on the gateway and less RAM needed for it, freeing RAM to > the workstation (to me this is the most nice, for performance reasons). Yes, we can autodetect it and/or use command line options. |
1 message has been excluded from this view by a project administrator.