Kicksecure ™

Download

On Computer USB Installation Debian morph to Kicksecure Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

One noteworthy software that is in use apart from the MediaWiki software for the Whonix and Kicksecure communities is Discourse. We have 2 forums https://forums.whonix.org and https://forums.kicksecure.com . Both have themes installed and custom HTML/CSS

General Setup[edit]

• Generally the Discourse (software) community doesn't seem too active. A lot of code is outdated. This also applies to the themes
• Several themes have bee checked for Whonix and Kicksecure, 2 were chosen, installed and activated
• For both themes there is a dark mode, but it seems to be only available globally
  • There is a component for switching to dark mode, but it is reported as broken.
    • We tested it but it appeared to be broken too https://meta.discourse.org/t/dark-light-mode-toggle/215585
    • If this is VERY important for users we can look into writing a dark mode switcher ourselves (probably a longer task)
  • Kicksecure: Theme "graceful"
    • Hyperlinks are very readable - dark mode is available
    • Logo placement looks good
  • Whonix: Theme is "air theme" - dark mode is available

Customization[edit]

• There are some customizations for Discourse, namely with HTML and CSS. Mostly we use the "header" component in Admin > Customize (for custom HTML and CSS)
• We also customize our themes there
  • For example the "Air Theme" in the Whonix forums is customized so that the category overview page is readable on mobile

Discourse without Javascript[edit]

1. Discourse heavily relies on Javascript. But it works without JS too.
2. A lot of things in Discourse are done with Javascript including some content reorganization
   1. Without JS they give you a "broad hint": "Powered by Discourse, best viewed with JavaScript enabled"
   2. This discussion also implies it's Javascript first: https://discourse.pijul.org/t/make-the-forum-usable-without-javascript/186
   3. However this doesn't mean it's not usable without JS - it is (which you can't say for many web apps)
3. Unfortunately some themes have problems without Javascript and also some components
4. So dev rule number 1: Always check how the page looks and works without Javascript - especially if you're working with third party components and themes
5. In case of the Whonix forum the "Air Theme" does not work properly without Javascript. The background overlapped the foreground
   1. The solution we applied was to add a noscript tag to the "header" component in Admin - sub section body
   2. In this noscript tag we have a script tag in which we declare that the blue background is not displayed without JS
   3. It is also important that we use the body subsection and NOT the footer subsection because the footer subsection is included via Javascript while the body section renders directly to the end of the body without Javascript
6. Dev rule number 2: Always check which admin components to use.
7. For example in the "header" component in Admin > Customize (for custom HTML and CSS)
   1. In the "body" (sub section tab "body") we have the noscript-tag which will be applied only if Javascript is DEACTIVATED.
   2. This has to be in the body section because for example the footer (sub section tab "footer") is NOT rendered without Javascript. But "body" is.
   3. Reversely we have the same content for the footer content AGAIN in the footer section, because this will be rendered if Javascript is active. And it will be rendered without "content jumping" because it will be rendered alongside the main content

mixed content[edit]

Did you upload / modify something related to http://forums.whonix.org/uploads/default/optimized/2X/2/222b7257d0600f2bc69cf77e6bc273aa0074ed4e_2_512x512.png ?

Mixed Content: The page at 'https://forums.whonix.org/c/news/21' was loaded over HTTPS, but requested an insecure element 'http://forums.whonix.org/uploads/default/optimized/2X/2/222b7257d0600f2bc69cf77e6bc273aa0074ed4e_2_512x512.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Mixed content warning fixable?

But should not be hardcoded to https either to avoid breaking the onion.

DEV

• research with "discourse Mixed Content: The page at"
• Answers suggest: This might be a discourse problem with installation and configuration
• The file is not listed in source code and not used in the dom
• It seems to be just pulled by javascript (internal discourse framework) but never used
• The problem also appears on every site of the forum not just the selected thread
• I tried re-uploading every branding picture but it didn't help
• Suggestion: more research but I skipped for now because it took too long

Whonix discourse forums[edit]

Many issues.

non-JS version broken

other issues on mobile

todo: revert to upstream default [DONE]

DEV

• The forum has been reverted to upstream default, but in a way to backup the changes (changed were commented out)
• Detailed steps
  • Admin > Customize > Themes : Theme default was set to "Default" theme and "Air theme" was set to be not available for users anymore
  • Admin > Customize > Themes > Default > CSS : All settings were commented out
  • Admin > Customize > Themes > components > header : All settings were commented out

Upstream Bug Reports[edit]

• NoScript Users Unable to View Custom Footer in Theme Customization

Footnotes[edit]

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!