Progress Reports

From Kicksecure
Jump to navigation Jump to search

On this page we give an overview on the continuous progress for Kicksecure (and Whonix) on the most active contributors.

Introduction[edit]

  • Kicksecure (and Whonix) are both long standing projects with an established history and both are still continuously further developed.
  • On this page we like to give an overview on the continuous progress for Kicksecure (and Whonix) and on the most active contributors. They write content, they research, they implement and much more.
  • Each contributor has a chapter.

arraybolt3[edit]

2024-12-18[edit]

More development on sysmaint mode[edit]

Date: 2024-12-18

Made changes to user-sysmaint-split, sysmaint-panel, security-misc, and helper-scripts to prepare sysmaint mode for release and general use. Needs more testing before it's ready for release, but it's very close to ready.

Test IPv6 support for Whonix[edit]

Date: 2024-12-18

Reviewed new changes in DanWin's IPv6 support code, built and tested it. Could not get it to work, I think DanWin explained why but I'm not sure what's needed to make it work.

Prepare NMU for Calamares 3.3.12 fix[edit]

Date: 2024-12-18

Created a simple NMU to fix the bug keeping Calamares 3.3.12 from migrating. Asked for help with sponsorship, but no one in #debian-devel volunteered so I'll probably have to ask someone I know for help there (thankfully that's easy).

2024-12-17[edit]

Further improvements to sysmaint mode graphical session[edit]

Date: 2024-12-17

Determined how to make a boot mode that would boot into a graphical system maintenance mode session, and in general improved the sysmaint panel app so it would be nice to use. Also did a lot of discussion with Patrick about how to best implement the user-sysmaint split.

2024-12-16[edit]

Work on admin mode graphical session[edit]

Date: 2024-12-16

Attempted to determine what is needed to create a simple, auto-login graphical session for Kicksecure's admin mode. Ran into trouble with display manager and login-related issues, but made good progress on overcoming those. Also wrote a simple admin control panel app.

2024-12-15[edit]

Study Verified Boot[edit]

Date: 2024-12-15

Did a very large amount of study on Verified Boot and technologies that could be used to implement it, discussing concepts and design ideas with Patrick and documenting a potential design idea. The design needs more polishing and might not be practical yet, but it looks potentially hopeful.

Prevent VirtualBox from attempting to auto-install Kicksecure[edit]

Date: 2024-12-15

VirtualBox's automatic installation feature is incompatible with Kicksecure, but because Kicksecure's ISO was identifying itself as a Debian ISO in /.disk/info, VirtualBox was treating it as Debian and attempting to autoinstall it. This would result in failure to boot. To resolve this, I changed our fork of live-build to identify the ISO as being a Kicksecure ISO instead, which resolved the issue - VirtualBox no longer attempts to autoinstall from Kicksecure ISOs.

2024-12-14[edit]

Add config file purge feature to dummy-dependency[edit]

Date: 2024-12-14

Added --remove and --purge switches to dummy-dependency, which can be used to explicitly choose whether or not to remove conffiles when replacing a package with a dummy package. By default, --remove is used, which keeps the conffiles.

Implement ISO integrity self-check[edit]

Date: 2024-12-14

Added easy ISO self-verification support to live-build, submitted it as an upstream MR, and merged it into our custom fork of live-build, enabling it in derivative-maker.

2024-12-12[edit]

Investigate dracut-config-rescue[edit]

Date: 2024-12-12

Investigated whether it would harm anything to remove dracut-config-rescue, or if it would improve things if it were removed. The package is supposed to include various useful utilities that users might want in the event they get dropped to a Dracut rescue shell. Based on my research (done by rebuilding and unpacking initramfs files on a live ISO), it seems to not be being used at all, so it should be fine to remove. (We don't even want the rescue shell to be enabled by default anyway, so any harm that could be caused by removing this is likely to be minimal.)

Investigate memtest86+ signing[edit]

Date: 2024-12-12

Memtest86+ is not signed, so it doesn't work on systems with Secure Boot enabled. Sent an email asking what can be done to help move things forward so Memtest86+ can be signed.

Integrity check and DRK development[edit]

Date: 2024-12-12

After debugging an issue that Patrick and I originally thought was the result of a corrupted ISO, Patrick had the idea of adding integrity checking to the ISO. This can be done with Dracut using the isomd5sum package. Got support for it working in live-build, however it currently only works on Trixie for reasons unknown to me (it always fails on Bookworm). Needs more development before it's ready for merge and release.

While waiting for very long builds (partially caused by accidentally building for arm64 rather than amd64 a couple of times), I worked on the Debian Rolling Kit some more. So far I have a working dependency resolver that can take a source package name as input, and spit out all binary packages in its dependency tree that have newer versions in Unstable than in Testing.

2024-12-11[edit]

Start writing Debian Rolling Kit (drk)[edit]

Date: 2024-12-11

Finally managed to get the Debian Archive Kit (dak) working. There's quite a bit of tooling that appears to be missing before maintaining a rolling archive will be practical, so I started writing it in Python. Since it complements the Debian Archive Kit, I called it the Debian Rolling Kit.

Test PR for optional squashfses in Calamares[edit]

Date: 2024-12-11

One of the Lubuntu devs heard that I wanted to add support for optional squashfses to Calamares, and decided to implement it and make a PR for it. Tested it, it appears to work well. (Thanks to Simon Quigley for writing the code for this!)

Fix Secure Boot and multiarch support[edit]

Date: 2024-12-11

Polished bootloader installation code to ensure that Secure Boot and non-amd64 systems were properly supported.

2024-12-10[edit]

Experiment with creating Debian Rolling[edit]

Date: 2024-12-10

Set up a Debian Bookworm server VM, installed the Debian Archive Kit (dak), and began investigating how to set up a rolling archive on my local machine. This was tricky since dak's installer was broken, and the documentation was bad, so I haven't made a whole lot of progress, but I have a good foundation laid out.

Test Secure Access Key with LXQt Wayland, report bug[edit]

Date: 2024-12-10

Discovered that Alt+SysRq+R + Alt+SysRq+K did not work as expected under QEMU with virtio graphics and no 3d acceleration. This might be specific to my setup, but parts of it might not be, so I reported it upstream.

More Kicksecure live-build ISO enhancements[edit]

Date: 2024-12-10

  • Reverted to old GRUB config for graphics handling, since it worked better
  • Changed the data reported on the ISO boot menu so that full version information was included and superfluous data was removed
  • Added memtest86+
  • Added a 30-second timeout before automatically booting the live session

2024-12-09[edit]

Send bug reports for the ISO changed files issues[edit]

Date: 2024-12-09

Thoroughly studied each of the changed files, writing bug reports as appropriate and testing things as needed.

Review boot modes wiki page[edit]

Date: 2024-12-09

Looked at the boot modes page, made notes about things that may need to change.

Brainstorm and experiment with sudoless implementations[edit]

Date: 2024-12-09

Experimented with ways to implement sudoless support in Kicksecure, and brainstormed ideas with Patrick. Ultimately sudo and pkexec will retain their SUID bits but not be executable by anyone but the admin user. We may also want to allow switching between the admin and primary users without requiring a reboot. The admin account may be ephemeral (although we haven't entirely decided on whether this is a good idea or not yet), and Wayland will be used to improve security by avoiding potential vulnerabilities in X that could be exploited via the world-accessible UNIX sockets X make available under /tmp/.X11-unix.

2024-12-08[edit]

Research and start developing sudoless support[edit]

Date: 2024-12-08

Did a lot of research to determine what needed to change in Kicksecure and Whonix to make it sudoless (i.e., sudo or similar tools cannot be used when booted in 'user mode', and can only be used if booted into 'admin mode'). Also reimplemented livecheck's functionality in a sudoless manner, it was one of the few spots where it was practical to just remove the need for sudo entirely.

Document comparing git tags in derivative-maker[edit]

Date: 2024-12-08

Did a lot of study and experimentation on how to compare git tags to each other in derivative-maker, without ignoring changes in submodules. Found a solution involving using git diff --submodule=diff and a PatchViewer web application. Attempts to make a difftool-like utility for this were unsuccessful.

Determine if run0 is suitable for Kicksecure[edit]

Date: 2024-12-08

Studied run0 (a sudo alternative), determined it was not suitable for use in Kicksecure and Whonix, and wrote a reply to Patrick about why.

Propose a solution to shipping machine-ids[edit]

Date: 2024-12-08

Currently we're shipping hardcoded machine ID files for Kicksecure and Whonix, intentionally. The problem with this is that Debian does not expect these files to be package-controlled, but expects them to be dynamically generated. Thus there is some code in tools like live-build that wipe ephemeral machine IDs, and other code elsewhere in Debian that generates new ones It would therefore be a good idea to switch to dynamically generating machine IDs, even if it's just to put a static ID on the disk. The machine ID files should NOT be shipped by a package. We can leverage Calamares for this, it's designed for it.

Disable both recovery modes[edit]

Date: 2024-12-08

Added code to disable both the single-user mode boot options, and the ability to drop to Dracut's recovery shell. Both of these will be easily bypassable until such a time as a bootloader password is implemented, but they may provide a minor amount of protection for now, and potentially a substantial amount in the future.

Added fwupd to Kicksecure ISO, experiment with live-build dm-verify[edit]

Date: 2024-12-08

Added fwupd and fwupd-signed to Kicksecure's live-build ISO, taking into account architecture-specific concerns with fwupd-signed. Tested amd64 builds and ensured they still worked. While waiting for this build, I also experimented with the --dm-verity option in live-build, which proved to be not supported at all when Dracut is used as an initramfs. Development work will be needed to get that working.

2024-12-07[edit]

Research derivative-maker git tag comparison[edit]

Date: 2024-12-07

Tested Patrick's script for reviewing code changes between git tags in derivative-maker, including changes in submodules. This script had some issues, many of which were caused by the behavior of git diff, so I wrote a script that mimicked git difftool --tool=meld --dir-diff's behavior but including submodules in the picture. Also sent a feature request / offer to contribute a feature to Git to see if we can solve the problem upstream.

2024-12-05[edit]

Researched implementing safe_echo with formatting support[edit]

Date: 2024-12-05

Looked at issues that were being experienced with safe_echo and formatting, and came up with a potential solution for resolving them after researching ANSI escape codes.

Researched previous Debian rolling release attempts[edit]

Date: 2024-12-05

Looked into DEP-10 (https://dep-team.pages.debian.net/deps/dep10/archive.org) and a practical proposal for implementing a Debian rolling release (https://lists.debian.org/debian-devel/2011/05/msg00275.htmlarchive.org). There appears to be a potential way forward here, there's just some serious hurdles and no one's had the time or motivation to implement the proposals.

Enhance live-build[edit]

Date: 2024-12-05

Fixed several bugs and added enhancements to live-build.

2024-12-04[edit]

Investigate live-build downloads[edit]

Date: 2024-12-04

Reviewed live-build file download code.

Investigate strange vm-config-dist reinstallation bug[edit]

Date: 2024-12-04

Determined that vm-config-dist's Installed-Size somehow differed between the local build of Kicksecure and the remote repo. This is not a change in the deb file, but rather a difference in the metadata provided as part of an apt repo.

2024-12-03[edit]

Improve swap-file-creator heuristics[edit]

Date: 2024-12-03

Added logic to swap-file-creator and helper-scripts' calculate-swap-size script to cap the swap file size at 10% of the total size of the disk. Tested, the new code appears to work right and passes Shellcheck. calculate-swap-size's regression tests pass and also now include a test for small disks.

Review potential package additions for the ISO[edit]

Date: 2024-12-03

Looked at three packages Patrick suggested potentially adding to the ISO, to see if they needed to be added or not. (The packages were specifically mokutil, keyutils, and efibootmgr.) All three are being installed on our ISOs by default, and I don't think it's a good idea to explicitly add any of them. Documented this in dev/todo.

Investigate debsums warnings[edit]

Date: 2024-12-03

Discovered that all warnings about changed files shown by debsums were the result of live-build. Documented why each file is changed, and what might be able to be done to avoid needing to change those files, or mitigate undesirable effects of having to change them.

Finish debugging SDDM lockup issues[edit]

Date: 2024-12-03

Found the root cause of the SDDM lockup issues, created a patch that resolves them, and sent a bug report to Debian with the results. (Two different bugs were at work, one being an incomplete socket read issue, and another being a regex match issue.)

2024-12-02[edit]

Add generic multi-arch support to derivative-maker's live-build code[edit]

Date: 2024-12-02

Added the ability to (in theory) build Kicksecure for any officially supported Debian architecture. amd64 builds and arm64 cross-builds on an amd64 system are both tested, other architectures have not been tested.

Work on debugging SDDM lockup issues[edit]

Date: 2024-12-02

Debian systems that use SDDM can be rendered difficult to log into after distro-morphing to Kicksecure. Typing a wrong password at the SDDM screen results in all further login attempts causing SDDM to hang, until the user logs in successfully some other way. Logging in some other way (for instance, at a TTY) results in being able to log in via SDDM again. I attempted to determine what was going wrong, but failed to find the root cause. More debugging is needed.

Research Calamares' use of Argon2id for LUKS2[edit]

Date: 2024-12-02

Determined that Calamares was using Argon2id for LUKS2 on Kicksecure, but only because of cryptsetup defaults. Followed up on an MR for libkpmcore that could be used to fix this.

2024-12-01[edit]

Debug and fix arm64 build failure[edit]

Date: 2024-12-01

Figured out why tirdad was failing to build on arm64 (turns out it doesn't support Livepatch). Resolved with changes to derivative-maker to install dummy-dependency-tirdad instead on arm64.

Also did review work and wrote an (as of yet untested) script for building doas config snippets into a config file while waiting for builds to complete.

2024-11-29[edit]

Polish Calamares filesystem restriction PR[edit]

Date: 2024-11-29

Ran a bunch of tests on the Calamares filesystem restrictions PR, fixing several bugs in the process. There's one stubborn bug remaining that I'll need to work out before this is mergeable, but it's very close, and the Calamares devs appear to be ready to merge when it's ready for merging.

doas feature requests[edit]

Date: 2024-11-29

Discussed doas feature requests on the OpenBSD tech mailing list. All feature requests appear to have been rejected, so we'll have to use wrapper scripts to implement the needed functionality. I originally thought wrapper scripts was a bad idea, but the lead OpenBSD dev seems to be in favor of that solution, so it should be OK.

2024-11-28[edit]

arm64 builds, umask, doas, immutable root testing[edit]

Date: 2024-11-28

Ended up lumping all of these topics into one because most of the things I worked on were done while waiting for very slow arm64 cross builds of Kicksecure to finish or fail.

Got arm64 builds of Kicksecure's ISO working with live-build. Ended up finding a bug in one of our live-build patches and a bug in live-build upstream in the process, also found several spots in the configuration and ISO build script that needed fixed in order for the ISO to build. I managed to get a working ISO that was bootable using a UEFI-enabled arm64 emulator. amd64 builds still work and appear to be good. So far only cross-building arm64 on amd64 has been tested, I have not yet tested native arm64 builds.

Finished researching umask hardening, and made a pull request that enables it. Turns out a mixture of PAM and sudoers settings should work for this.

Sent an email to the OpenBSD development mailing list to see if they're willing to accept doas patches for adding the functionality we want.

Tested both Debian and Kicksecure installations with a fully read-only root partition. Sadly this did not end up working, making the root partition read-only makes it impossible to get a graphical user environment, and with Kicksecure it makes it impossible to even get a console login.

Finalized and pushed pkexec fixes[edit]

Date: 2024-11-28

Worked out the remaining issues with the pkexec fixes and pushed them.

2024-11-27[edit]

Investigate how OpenSSH handles umask[edit]

Date: 2024-11-27

Researched how OpenSSH launches programs and shells, and how it handles umask. Much of this involved reading through part of the (thankfully very well-commented) source code of OpenSSH itself. Documented how umask is handled and relevant info about how shells are launched in dev/todo.

Polish physical attack protection docs[edit]

Date: 2024-11-27

Fixed some minor issues with the original docs, and filled out the section about hardware tampering detection with more detailed info. In the future we may also want to document writing one's own grub.cfg files for fine-grained control over bootloader password settings.

Fix pkexec policykit config[edit]

Date: 2024-11-27

Mostly fixed issues found previously, need input from Patrick on how to finish fixing this.

Fix network configuration settings for live-build ISO builds[edit]

Date: 2024-11-27

grml-debootstrap was previously being used to write /etc/hosts and /etc/hostname for ISO builds. The new live-build method of building ISOs didn't do this, resulting in these files not being properly configured. Code has now been added to properly configure them.

Try to reproduce lightdm and sleep issues on physical hardware[edit]

Date: 2024-11-27

After I failed to reproduce the bug mentioned by sam on the Kicksecure Forums in a virtual machine, I installed Debian 12 Cinnamon onto a USB drive using my primary laptop, booted from it, and distro-morphed to Kicksecure, using the kicksecure-xfce-host package to see if that would cause the problem. I still could not reproduce either the SDDM freezes or the sleep issues. Left a comment on the forums with some ideas about why this might be happening.

2024-11-26[edit]

Review pkexec policies and privileged scripts connected to them[edit]

Date: 2024-11-26

Did a security review on the two pkexec action policies we ship, along with the privileged scripts they point to. Shared results of the review with Patrick.

Research using capabilities in place of root access[edit]

Date: 2024-11-26

Did more research on how capabilities work under Linux, and whether they can be used to replace root access in Kicksecure. Unfortunately I do not believe this to be practical, due to the fact that the capabilities system would likely require extensive permissions modifications and changes to systemd units in order to make it work. Debian is not designed to work this way. The security benefits of mixing traditional privilege control with capabilities aren't all that powerful, and even a total port to the capabilities system wouldn't confer good security advantages without careful planning.

2024-11-25[edit]

Review rads code[edit]

Date: 2024-11-25

Reviewed the source code of RAM Adjusted Desktop Starter to see if it looked like the source of the distro morphing glitch bug. Found a couple of minor issues, but it did not appear to be the source of the issue.

Determine difficulty of replacing sudo with doas in Kicksecure and Whonix codebases[edit]

Date: 2024-11-25

Used grep to scan through all of our code and determine how difficult it will likely be to port from sudo to doas. Some areas look potentially tricky, but it appears doable. Posted the results of the audit as a Github Gist and saved a link to it it in dev/todo.

Do initial research on replacing root access with capabilities[edit]

Date: 2024-11-25

Researched Linux capabilities, how to use them, and if they could potentially be used to restrict privileges on all set-UID root applications (and potentially even remove the need for an accessible root account). Noted down some of the more useful things found during the research, going to work on this more tomorrow by doing hands-on testing.

Attempt to reproduce distro morphing glitches[edit]

Date: 2024-11-25

Did a distro morphing install on Debian KDE to see if I could get the login manager or sleep to break. Failed to reproduce the bug. Need to try again with a slightly different method of distro morphing.

2024-11-24[edit]

Rewrite str_replace and str_match in Python[edit]

Date: 2024-11-24

After Qualsys found the needrestarts vulnerabilities, we decided to double-check those parts of our codebase that used Perl and harden them if necessary. Most of our uses of Perl only process trusted input, or only process input in a way that is likely to be safe. However, str_replace and str_match seem like they could reasonably be used to handle untrusted data and might not be called in a definitely safe fashion, and so just in case, I rewrote them in simple, straightforward Python, linting it with PyCharm and testing str_replace with dm-packaging-helper-script's pkg_descr_creator and pkg_descr_merge_all functions, ensuring that the new versions generated identical output to the old versions.

Overhaul Calamares filesystem restrictions pull request[edit]

Date: 2024-11-24:

Made all changes requested by the Calamares devs. This ended up being a large job, as one of the requested changes was an additional validation layer that proved to be very difficult to implement well. It was able to be implemented however, and it seems to be working properly.

2024-11-23[edit]

Test, bugfix, and discuss the Calamares filesystem restrictions pull request[edit]

Date: 2024-11-23

Tested the code currently used to implement the Calamares filesystem restrictions feature. It passed a thorough test plan, but ultimately was not usable as-is - a Calamares developer discussed it with me, pointed out several flaws that needed resolved, and helped me figure out how to best resolve them.

Research Python and Perl security pitfalls[edit]

Date: 2024-11-23

Carefully read the Qualsys needrestart vulnerability report, along with the link to the Phrack article by rain.forest.puppy and two documentation pages from the SEI CERT Perl Coding Standard. Did further research to understand better the risks of the vulnerabilities and weaknesses listed. Also found a link to a number of common Python pitfalls and how to avoid them.

Push fixes for sudoers.d issues[edit]

Date: 2024-11-23

Pushed all fixes for the sudoers.d to GitHub, they are now ready for merging.

2024-11-21[edit]

File Qubes doas support ticket[edit]

Date: 2024-11-21

Filed an enhancement request in qubes-issues for adding support for Qubes that use doas rather than sudo, explaining how this would potentially benefit Whonix and Qubes OS users.

Test permission hardening on home directories[edit]

Date: 2024-11-21

Discovered that home directory permission hardening does not behave as expected on Kicksecure, regardless of whether I use pre-live-build installation media or post-live-build installation media.

Work on sudoers.d related issues[edit]

Date: 2024-11-21

As discussed.

Research default umask settings[edit]

Date: 2024-11-21

Researched what would be necessary to set a restrictive umask for user accounts, while setting a more relaxed umask for root so as to avoid bugs. Ended up being more complex than expected, it's unclear whether the additional complexity is worth it or not. I documented both my findings and some implementation ideas.

Polish restricted filesystems implementation for Calamares[edit]

Date: 2024-11-21

Debugged issues in my draft implementation from yesterday, implemented changes suggested by a Calamares dev, and did some basic testing on the code to ensure it wasn't badly broken.

2024-11-20[edit]

Create draft implementation of restricted filesystems for Calamares[edit]

Date: 2024-11-20

Created a work-in-progress implementation of the "let me restrict what filesystems the user can use" feature request for Calamares. This hasn't been tested yet, and it may need substantial changes before it can be merged, but an initial attempt at implementing it is now public and available for discussion.

Debug why Calamares 3.3.11 isn't migrating to Trixie[edit]

Date: 2024-11-20

Found out why Calamares 3.3.11 has been stuck in Sid. Turns out there's a project, calamares-extensions, which the Calamares devs also control, and that they had taken a module from and put it into Calamares itself. This resulted in a file conflict between an old version of calamares-extensions and the newer version of Calamares. Asked the Calamares devs to finalize the release of calamares-extensions so this can be resolved.

Attempt to create MRE for live-build apt-cacher-ng conflict[edit]

Date: 2024-11-20

Wrote and tested a detailed minimal reproducible example for the live-build apt-cacher-ng conflict we ran into with repository-dist. Sadly, while the example I built seems like it should reproduce the issue, I somehow misconfigured apt-cacher-ng on my test VM and wasn't able to reproduce the issue as a result. Need to come back to this.

Remove GRUB boot menu distro icons[edit]

Date: 2024-11-20

Removed the weird-looking distro icons for Kicksecure and Whonix from the corresponding GRUB menus. These looked out-of-place, and would have probably continued to look out of place even if they weren't static.

2024-11-19[edit]

Audit sudoers configuration files[edit]

Date: 2024-11-19

Audited Kicksecure and Whonix's sudoers configuration files. Shared results of the audit with Patrick.

live-build, use security.debian.org when bootstrapping[edit]

Date: 2024-11-19

Added the ability for live-build to use a security mirror of the user's choice when bootstrapping an ISO build with mmdebstrap. Added changes to the mmdebstrap upstream merge request, merged them into my main live-build fork branch, and added code to derivative-maker that uses the new feature.

2024-11-18[edit]

Research ArchiveBox[edit]

Date: 2024-11-18

Found answers for each of the questions we had about ArchiveBox's functionality and installation sources, and recorded them under the ArchiveBox task in dev/todo.

More live-build work[edit]

Date: 2024-11-18

Fixed an issue where the kernel packages were hardcoded to the amd64 architecture in derivative-maker's live-build configuration.

Also attempted to add security mirror support to our version of live-build's mmdebstrap mode. This ended up failing because of multiple hurdles that were hit - one has to pass entire source lines to mmdebstrap in order for it to work in this kind of multi-mirror setup, but at the same time passing entire source lines to live-build as bootstrap mirrors causes it to misbehave badly when writing the chroot's sources.list file. This will require further development to make work right.

Debug and fix ISO build failure on Qubes OS[edit]

Date: 2024-11-18

Reproduced, debugged, fixed, and tested the fix for an issue that would result in ISO build failures on Qubes OS. (/home was being mounted with nodev, causing live-build to break.)

2024-11-17[edit]

Review and clean up sdwdate's url_to_unixtime component[edit]

Date: 2024-11-17

Did a security review on url_to_unixtime. Found a few minor issues, documented them, also documented things that looked good. Forked sdwdate and pushed fixes for all fixable issues to my fork for review.

Test hardened JSON parsing in Tor Browser version detection[edit]

Date: 2024-11-17

Created and executed a full test plan for the Tor Browser version detection code. It is now ready for review.

Test plan:

* [x] Install updated packages
* [x] Ensure Tor Browser is not installed
* [x] Run AnonDist. Finds correct version of Tor Browser and offers to install it?
* [x] Installation succeeds?
* [x] Update derivative-maker
* [x] Sync tb-updater and developer-meta-files with updated versions
* [x] Run `dm-packaging-helper-script pkg_tor_browser_version_update`. Correctly updated normal, alpha, and arm64 browser versions?
* [x] Run tb-updater unit test with `bash -x unit_test`. Passes?

Harden JSON parsing in Tor Browser version detection (wip)[edit]

Date: 2024-11-17

Wrote code that made parsing JSON for Tor Browser version detection significantly safer. This still needs to be thoroughly tested and peer-reviewed, but it's working pretty decently so far. Implementation is documented on the dev/todo page.

Polish archiver script, begin mass link archival[edit]

Date: 2024-11-17

Added the last bit of needed polish to the archiver script (skipping archive.org Wayback Machine links), then started the script running. It may take a very long time to finish archiving everything, but it runs unattended and rate-limits itself, so it should work.

2024-11-16[edit]

Write mass link archiver script[edit]

Date: 2024-11-16

Mostly finished a script that extracts all links from the Kicksecure and Whonix wikis, and archives them using archive.today if necessary. Uses mediawiki-shell's existing features to do link extraction. The script still needs to omit archive.org links and onion links, but that's about the only feature it's missing. The script intentionally operates very slowly, in order to avoid overloading the archive.today service.

Enhance mediawiki-link-to-archive with archive.today support[edit]

Date: 2024-11-16

Wrote the code needed for adding archive.today links to the Wiki, documented the intended behavior of the code, and documented followup steps that need to be done in order to deploy it.

Review kloak makefile enhancements[edit]

Date: 2024-11-16

Reviewed contributed enhancements to kloak's makefile, suggesting several changes and commenting on follow-up changes that would be required.

2024-11-15[edit]

Research archive.today link protection operation[edit]

Date: 2024-11-15

Researched what steps would be needed to archive all pages linked to on the Kicksecure and Whonix wikis, and studied how to best add those links to the wikis. Added all researched info to dev/todo page, including adding a task for making the archive.today frontend capable of extracting the date and time of the last snapshot.

Redo Tor Browser version detection logic in dm-packaging-helper-script[edit]

Date: 2024-11-15

The logic for detecting Tor Browser versions that I originally wrote worked, but used a non-ideal method of version detection that was different than code already present in tb-updater. To resolve this, pkg_tor_browser_version_update now actually uses tb-updater's Tor Browser version detection code, giving us a single source of truth for both tools. Also fixed an easy-to-resolve Shellcheck issue while I was there.

Polish archive.today frontend, add to helper-scripts[edit]

Date: 2024-11-15

Finished the Python-based archive.today frontend. Both Tor and clearnet access work. Added to helper-scripts, deleted the now-obsolete repo used to share the WIP version with Patrick .

2024-11-14[edit]

Finish most of py-archive-today's features and publish on Github[edit]

Date: 2024-11-14

The tool is now capable of both archiving new URLs and searching for already archived ones. Unlike the Go frontend it draws inspiration from, it is able to detect when the page that is being archived is still being saved but isn't fully saved, and can wait until the page is fully saved, then spit out the final URL. This should make it significantly more useful.

Fix live-build crash due to apt-cacher-ng[edit]

Date: 2024-11-14

Finished creating a working fix for live-build crashing due to apt-cacher-ng HTTPS tunneling not being enabled. Required changes to repository-dist and derivative-maker. Fixes are published in my forks of both repos.

2024-11-13[edit]

Start developing archive.today CLI frontend[edit]

Date: 2024-11-13

Began working on an archive.today CLI frontend written in Python. Python was chosen primarily due to its memory safety, the very low number of third-party dependencies needed to handle web requests and parsing, and the trustworthiness of the one third-party dependency that I did want to use (namely Requests). So far the documentation/specification for the tool is written, the CLI parser is done, and finding archived pages works. Tor support and the ability to archive new pages are next on the todo list.

Debug live-build crash due to apt-cacher-ng[edit]

Date: 2024-11-13

ISO builds are crashing due to a poor interaction between apt-cacher-ng and the sources.list files we ship in anon-apt-sources-list and repository-dist. I did quite a bit of research into how to resolve this, but was only able to determine three less-than-ideal solutions, which are documented on the dev/todo page at https://www.kicksecure.com/wiki/Dev/todo#live-build_-_build_broken_-_kicksecure_repository_apt-cacher-ng_configurationarchive.org. Ultimately it looks like we'll probably end up having to work around this using live-build scripts, calamares, and debian-installer.

2024-11-12[edit]

Test and review archive.today CLI frontend[edit]

Date: 2024-11-12

Tested the archive.today frontend, documented how to make it work and what it does so far. Also filed a feature request, and reviewed the code. So far it looks usable and appears to be safe, although the safety review is not complete yet.

Work on graphical-session.target bug in Qubes OS[edit]

Date: 2024-11-12

Attempted a fix, and researched possible solutions, including discussion with Marek.

2024-11-11[edit]

Implemented Tor Browser version detection in dm-packaging-helper-script[edit]

Date: 2024-11-11

Reads from Tor's website and from Sourceforge to determine the latest versions of Tor Browser, Tor Browser Alpha, and Tor Browser ARM64. Automatically updates the tbb_hardcoded_version files from tb-updater with the retrieved info.

Research doas suitability for Kicksecure and Whonix[edit]

Date: 2024-11-11

Investigated whether doas was usable in Kicksecure, whether it would work around the sudo faillock bugs we were encountering, if it was possible to port our sudoers config to doas, and if possible, how much work it would be. Posted all results on the Whonix forums at https://forums.whonix.org/t/replace-sudo-with-doas/17482/18archive.org.

Start testing archive.is utility[edit]

Date: 2024-11-11

Successfully built the archive.is utility using Go 1.22 from bookworm-backports. Unfortunately I wasn't able to finish testing the utility for functionality as archive.today's archiver seems to not be working, even in a Firefox browser window. Will try again tomorrow most likely.

Make dm-check-unicode look nicer[edit]

Date: 2024-11-11

Split up the whitelisting pattern so that each file went on its own line, by converting the whitelist pattern string into an array and then assembling it into a pattern string using sed.

Fix debian.list file installation in derivative-maker live-build support[edit]

Date: 2024-11-11

Tested a fix for the installation of /etc/apt/sources.list.d/debian.list that did not require renaming the file. Fix worked, pushed.

2024-11-10[edit]

Prepare to split security-misc into shared, desktop, and server packages[edit]

Date: 2024-11-10

As discussed at https://github.com/Kicksecure/security-misc/issues/187archive.org. Looked at all files in security-misc, and categorized them into shared, desktop, and server categories, with rationale for each choice. Currently available for discussion at https://forums.kicksecure.com/t/splitting-security-misc-into-shared-desktop-and-server-packages/674archive.org, will implement once consensus is reached.

File Calamares feature request for specifying filesystem restrictions[edit]

Date: 2024-11-10

Filed a feature request to Calamares, requesting that distros be given the ability to restrict what filesystems are used at what mountpoints. This could be used to avoid the root-on-fat32 issue the user at https://forums.kicksecure.com/t/kicksecure-installation-cannot-set-timezone-link-creation-failed-target-usr-share-timezone-link-name-etc-localtime/652archive.org ran into.

Make derivative-maker install live-build during build process[edit]

Date: 2024-11-10

Kicksecure now has a live-build fork and submodule in derivative-maker, but was not installing live-build automatically. The code for this has now been written and tested.

Refactor GRUB themes[edit]

Date: 2024-11-10

The GRUB themes we're using as a base had some font files shipped alongside that were difficult to audit. Some of them were also derived from the Ubuntu font family, who's license is considered non-free in Debian. There was also lots of duplicate code between the three GRUB themes for Kicksecure, Whonix-Gateway, and Whonix-Workstation. To resolve this, the GRUB themes were refactored, the Ubuntu font was replaced with Inter, and the custom GRUB fonts are generated at package build time from the originals already present in the Debian archive.

2024-11-09[edit]

Finish testing refactored dm-packaging-helper-script[edit]

Date: 2024-11-09

Tested almost all features of dm-packaging-helper-script, with the exception of those that write to Git repositories. Fixed lots of bugs in the process. Ready for final review.

2024-11-08[edit]

Finish refactoring dm-packaging-helper-script, start testing[edit]

Date: 2024-11-08

All functions of the original dm-packaging-helper-script are now implemented, with the exception of those that are outdated and did not need to be reimplemented. Currently testing all of the functions one by one, fixing bugs as I go. I've currently managed to at least somewhat test (and if necessary, repair) everything up to and including pkg_git_commit_readme. The current state of the refactor is now public as well.

Finish initial review of IPv6 support PRs[edit]

Date: 2024-11-08

Finished reviewing the changes in the IPv6 support PRs. Still need to test them and see how they work.

2024-11-07[edit]

Begin reviewing IPv6 support PRs[edit]

Date: 2024-11-07

Reviewed some of the PRs mentioned in https://forums.whonix.org/t/add-ipv6-support/19893archive.org for correctness and potential malicious behavior. Left several comments where things looked incorrect. So far I've reviewed the whonix-gw-network-conf, whonix-ws-network-conf, anon-gw-anonymizer-config, and whonix-firewall PRs. The only really strange commit I've seen so far is https://github.com/Whonix/whonix-firewall/pull/10/commits/4e202b11e84168d3415a4637768df6a692de6841archive.org, which references some IPv6 addresses that don't seem to be specified anywhere else.

Remove superfluous icons from GRUB themes[edit]

Date: 2024-11-07

In the interest of keeping a smaller attack surface and using less disk space, Patrick requested that I remove icons for other operating systems from the Kicksecure and Whonix GRUB themes. This is now done and tested.

Polish dummy-dependency script[edit]

Date: 2024-11-07

Discussed needed improvements with Patrick, implemented and tested them.

2024-11-06[edit]

Further progress refactoring dm-packaging-helper-script[edit]

Date: 2024-11-06

Currently finished with all commands up to and including pkg_need_version_bump_do.

Write dummy-dependency script[edit]

Date: 2024-11-06

Wrote a script that dynamically generates, and optionally installs, dummy packages that can be used to work around dependency bugs in other packages. The script works in my tests. Also added the needed dependency on equivs to helper-scripts, and ensured helper-scripts built properly after my changes.

Implement and publish minor fixes for metapackages[edit]

Date: 2024-11-06

Published updates to kicksecure-meta-packages and anon-meta-packages, following all feedback from https://forums.kicksecure.com/t/metapackages-tweak-suggestions/663/2archive.org.

2024-11-05[edit]

Debug apt solver problems with Recommends and Suggests[edit]

Date: 2024-11-05

Discussed issues with the behavior of apt recommends with Patrick. After much testing, a possible bug was discovered in which a suggests link could result in a package being incorrectly retained on the system. It remains to be seen whether this is reasonably possible to solve or not.

More dm-packaging-helper-script refactoring[edit]

Date: 2024-11-05

Currently have completed everything up to and including the pkg_git_reset function.

Suggest addition of a Weak-Depends field to debian/control[edit]

Date: 2024-11-05

Sent a detailed email to the debian-devel mailing list describing the issue of recommended packages pulling in too much (what I called "Recommended bloat") and how to solve it using Patrick's "Weak-Depends" suggestion.

Fix Kloak default values[edit]

Date: 2024-11-05

Fixed inconsistent info about default timeout and delay values in kloak. Also commented on the rationale for the exact manner in which the fix was done.

2024-11-04[edit]

Continue refactoring dm-packaging-helper-script[edit]

Date: 2024-11-04

Finished framework code, began implementing the actual commands supported by the script. In particular, the pkg_descr_creator, pkg_descr_merger, pkg_descr_merge_all, and internal_descr_writer functions got a major overhaul, adding support for discrete Kicksecure and Whonix projects to the code (this functionality didn't exist before and was marked as "TODO" in the original implementation). All command functions from the top of the original script down to pkg_compat_delete are currently implemented. Still need to test everything, and there are lots more functions to copy over and adjust, but it's coming along nicely.

2024-11-03[edit]

Review Whonix metapackages, post Kicksecure metapackage review on forums[edit]

Date: 2024-11-03

Posted the Kicksecure metapackage review for discussion. Also reviewed Whonix's metapackages briefly, only saw one potentially mis-located package, that being hunspell, which was already mentioned in the Kicksecure metapackage review and which is now documented in the review Github gist.

Finish Whonix and Kicksecure GRUB themes[edit]

Date: 2024-11-03

Finally have all of the details of the GRUB themes for Whonix and Kicksecure worked out. Branches of each repo that needed modifications are present in the dev/todo list and moved to the review queue.

2024-11-02[edit]

Begin refactoring dm-packaging-helper-script[edit]

Date: 2024-11-02

Started the work of refactoring dm-packaging-helper-script. The end-goal is to make it easy to understand, more maintainable, and to remove the use of environment variables as a primary method of passing data to the script. Currently have most of the initialization and framework code laid down, and have gotten an understanding of how the existing script works in general. This is in preparation for adding tb-updater version update functionality to the script.

2024-11-01[edit]

Polish Whonix GRUB themes[edit]

Date: 2024-11-01

Got both Whonix and Kicksecure GRUB themes looking and working properly. Had one final question for Patrick (do we want to support people switching between BIOS and UEFI modes), once that's answered I'll be able to make any final changes, then push to Git.

Document Super Grub2 Disk usage[edit]

Date: 2024-11-01

Documented how to install and use Super Grub2 Disk in the Broken Boot Wiki page. Documentation includes a description of how each boot mode works and when it should be used.

2024-10-31[edit]

Review Kicksecure metapackages[edit]

Date: 2024-10-31

Reviewed the Kicksecure metapackages, noting down potential ways to improve on the existing structure. Also wrote a small script for visualizing dependency interactions, which may be handy for future review. I did not manage to review the Whonix metapackages yet, though I did mention some things related to Whonix in the review. The review itself can be seen here: https://gist.github.com/ArrayBolt3/1312aa401d0b7ade970210b3f526f9e8archive.org

Polish GRUB theme for Kicksecure[edit]

Date: 2024-10-31

Made the GRUB theme for Kicksecure look nice and work well. Most issues with the previous theming have been solved, with the only remaining issue being one that we may not care about.

Review Super Grub2 Disk functionality[edit]

Date: 2024-10-31

Tested Super Grub2 Disk's ability to boot installed Kicksecure systems. It works really well, for both encrypted and unencrypted installations. Did not test LVM. Might be a good idea to add info about this to the broken boot recovery page.

Research TCG DRTM[edit]

Date: 2024-10-31

Researched what a Dynamic Root of Trust for Measurement is, how it is useful, and what implementations exist for x86 systems. Added relevant documentation and explanations to the confidential computing page.

2024-10-30[edit]

Fix live-build dracut loopback boot bug[edit]

Date: 2024-10-30

Dracut requires the use of a different kernel parameter for loopback ISO booting than live-boot requires. Added support to live-build to set the parameter properly depending on the initramfs image type in use.

Investigate loopback.cfg boot support[edit]

Date: 2024-10-30

Investigated the feasibility of booting Kicksecure as a loopback ISO using SuperGrub2Disk. Ultimately, it looks like it can be made to work, but there are two hurdles that need to be resolved first, both of which are now documented in dev/todo. Next steps are to see if the dracut bug is still an issue in Trixie, and to make another live-build merge request.

Fix append-once and livecheck bugs[edit]

Date: 2024-10-30

Fixed a bug in append-once where multi-line string appends could fail if one of the lines in the multi-line chunk being appended already existed in the target. Also fixed a bug in livecheck where lsblk ran too early, resulting in the system erroneously reporting it was running in read-only mode on some boots.

2024-10-29[edit]

Create prototype of GRUB theme for Whonix[edit]

Date: 2024-10-29

Tried porting the Kicksecure GRUB theme to Whonix. Ran into some issues, mainly with screen resolution on BIOS-based VirtualBox VMs. Also need to explore the creation of separate thems for Whonix Gateway and Whonix Workstation - I had initially not done this since I wasn't sure how to fit the extra info into the design of the GRUB theme. Prototype screenshots shared with Patrick.

Test live-build suitability for generating non-live images[edit]

Date: 2024-10-29

Experimented with using live-build with --system normal --binary-image hdd options for generating preinstalled, non-live systems. It's not as smooth of an experience as generating live images, but it is usable and potentially suitable for replacing grml-debootstrap. Recorded findings in the dev/todo page.

Create GRUB theme for Kicksecure[edit]

Date: 2024-10-29

After a conversation with Patrick, we decided to not use desktop-base as part of the implementation of the GRUB theme. Instead I took one of the GRUB themes linked in the Kicksecure GRUB theme task, modified it to work correctly with Kicksecure, and tested it. It may need another iteration of work since the theme will probably have distorted aspect ratio in some scenarios. (Edit: actually, this will definitely take another iteration of work because the BIOS GRUB theme will NOT work in VirtualBox. I set the resolution to 1280x960, which VirtualBox's graphics does not support as a "standard" resolution. 1024x768 works however.)

Report ISN security issue to IETF[edit]

Date: 2024-10-29

Wrote a vulnerability report and sent it. Report is at https://mailarchive.ietf.org/arch/msg/tcpm/_T3Itdx06xzAgwcfe90KP_vTCq8/archive.org. This is intentionally public, as the IETF apparently handles their vulnerability reports publicly, as confirmed by the fact that someone with access to the non-public mailing list I CC'd on the message forwarded it to the mailing list after the email system apparently failed to deliver the message to the right mailing list.

2024-10-28[edit]

Make livecheck only run detection once[edit]

Date: 2024-10-28

Added code to livecheck so that it would only run live mode detection once, and thereafter would use cached data about the system state. Also made the check interval way longer to reduce resource consumption.

Start generating desktop-base compliant branding[edit]

Date: 2024-10-28

This started as a mission to create a GRUB theme or GRUB background image for Kicksecure. Doing this revealed that the GRUB background image mechanism in Debian depended on a package called desktop-base, which turns out to be a theming/branding package that affects many different parts of Debian. It uses the Debian alternatives system to allow derivatives or vendors to override the branding as desired. It is undesirable to entirely supplant this package with Conflicts/Replaces, since that could theoretically cause breakage. However, pulling it in requires making a lot of Kicksecure-specific branding to override the Debian-specific bits. So far I have prepared GRUB background images, Kicksecure emblems, and multiple different variants of the logo, using Inkscape and GIMP. I stopped here however, as I realized I didn't know where some of the data I needed was (in particular I don't know where the default wallpaper in Kicksecure is stored), and I wasn't sure if desktop-config-dist was the right package to do it in.

Research proving issues with TCP ISNs[edit]

Date: 2024-10-28

Did research to determine how to prove that ISNs that integrate time values are dangerous. Shared with Patrick.

More improvements to Qubes event buffering support[edit]

Date: 2024-10-28

Implemented all requested changes from another reviewer. Ensured that the code still built properly, smoke-tested on Qubes OS R4.3, and submitted for another review.

Review kloak spec file for Fedora[edit]

Date: 2024-10-28

Ensured that a contributed spec file for Fedora was non-malicious. Also verified that the file successfully build a kloak RPM.

Fix remaining derivative-maker live-build patch issues, submit for review[edit]

Date: 2024-10-28

All known issues with derivative-maker live-build support have now been worked out. PR is marked as ready for review.

2024-10-27[edit]

Test derivative-maker with live-build patch, add debian-installer support[edit]

Date: 2024-10-27

Tested a few other build modes of derivative-maker and ensured they worked properly even with the new code changes. After that, I worked on getting debian-installer rebranded and working properly, which proved to be a larger job than expected. In the end, things seem to be working very well, with only a few rough edges that need fixed up.

2024-10-26[edit]

Fix bugs in derivative-maker live-build support[edit]

Date: 2024-10-26

Identified several issues with the new live-build support by comparing the list of all files on a VMs installed using old and new ISOs. All of these issues ended up having relatively simple fixes, which I have (mostly) verified work properly. At this point I just need to test things thoroughly, then live-build support should be ready for review

2024-10-25[edit]

Add BTRFS support to live-config-dist[edit]

Date: 2024-10-25

Added BTRFS as an option on the Partitions screen, using Calamares configuration options in live-config-dist. Tested by installing a BTRFS-based installation of Kicksecure, worked for me. Added btrfs-progs as a dependency to kicksecure-recommended-cli since it's necessary for a BTRFS installation to work.

Release second prototype of derivative-maker live-build support[edit]

Date: 2024-10-25

The ISO build is now working without errors on my end, and after an audit of packages and files on old and new ISOs it looks like most major issues have been resolved. Forks of derivative-maker, live-build, dist-base-files, live-config-dist, and anon-apt-sources-list have been updated with most recent iteration of code.

Prepare VirtualBox link update script for review[edit]

Date: 2024-10-25

Replaced custom Python script with str_replace, added wiki editing capabilities, placed in developer-meta-files. Tested live by using https://www.kicksecure.com/w/index.php?title=Testpage&stable=0archive.org, code seemed to work as intended. Code has been given to Patrick to review, it should be tested more thoroughly before being deployed in production.

More polishing of derivative-maker live-build builds[edit]

Date: 2024-10-25

Finally got the ISO to build again. Detection of kernel parameters is done using grub-mkconfig rather than direct configuration file parsing, user creation is done by dist-base-files as previously, apt list files are correct and are handled by anon-apt-sources-list and repository-dist. Some changes were needed to individual packages, and there are still some issues (notably the user is created without sudo privileges due to a mistaken rm I added that was cleaning up a file too early). However, this is much closer, and I expect to be able to publish the code I have locally relatively soon.

2024-10-23[edit]

Continue polishing derivative-maker live-build support[edit]

Date: 2024-10-23

Attempted to fix up kernel parameter autodetection at ISO build time, user account creation method, and apt configuration files. Also switched to multi-stage live-build rather than using lb build directly. I did not manage to get a working ISO before the day was over, however I made significant progress on it and believe that the revamped code should be able to produce working ISOs soon. Updated code will be published once it can successfully build an ISO.

Prototype automatic URL updating code for VBox links[edit]

Date: 2024-10-23

Wrote a prototype implementation for https://www.kicksecure.com/wiki/Dev/todo#automate_VirtualBox_version_update_in_the_wikiarchive.org that can read from VirtualBox's download page, read from the Wiki, determine if the Wiki's VBox URL is up-to-date, and update it if not. Currently it does not update the Wiki itself, but instead prints out the text it would write. Needs some internal polish (specifically it should use Kicksecure's str_replace) and needs the actual Wiki write functionality implemented, then it should be ready to use.

2024-10-22[edit]

Polish derivative-maker live-build support[edit]

Date: 2024-10-22

Attempted to fix several issues with the live-build ISO prototype. This led to discovering a major bug in live-build that made it very difficult to set environment variables properly. Bug report at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085869archive.org. Also discussed future live-build tasks and design with Patrick.

2024-10-21[edit]

Finish derivative-maker live-build support prototype[edit]

Date: 2024-10-21

Got the live-build code to build an ISO without errors. Also fixed ISO GRUB screen branding. Remaining TODOs are noted down in https://www.kicksecure.com/wiki/Dev/todo#ISO_-_port_to_live-buildarchive.org and related tasks. derivative-maker prototype code is located at https://github.com/ArrayBolt3/derivative-maker/tree/arraybolt3/live-buildarchive.org. live-build fork needed for build is located at https://salsa.debian.org/ArrayBolt3/live-build/-/tree/arraybolt3/lb-dracut?ref_type=headsarchive.org. live-config-dist fork needed for installability is located at https://github.com/ArrayBolt3/live-config-dist/tree/arraybolt3/live-buildarchive.org.

Also tested building Kicksecure on Kicksecure using live-build. This worked perfectly - no changes needed to be made to the prototype code to allow the build system to function properly.

2024-10-20[edit]

Integrate live-build into derivative-maker[edit]

Date: 2024-10-20

Added the ability for derivative-maker to run live-build to generate an ISO rather than using the usual ISO generation steps. I did not manage to push the derivative-maker changes to Git yet because I ran into a large number of bugs in the process (remote and local repo conflicts, random SIGPIPE errors making true exit non-zero, incompatibilities between my live-build local repo implementation and reprepro, etc). Most of these issues are now resolved. I fixed the local repo handler in live-build to work with reprepro repositories. Fix in commit https://salsa.debian.org/live-team/live-build/-/merge_requests/369/diffs?commit_id=eb1813e7bd211373060152a8bde140301576756carchive.org.

Polish configuration interface for Qubes OS event buffering[edit]

Date: 2024-10-20

At Marek's suggestion (https://github.com/QubesOS/qubes-gui-daemon/pull/149#issuecomment-2421005914archive.org), I renamed ebuf_max_delay to events_max_delay in the configuration for qubes-gui-daemon. I also had to rebase my changes to qubes-gui-daemon to the tip of main since other code had been changed since I opened the PR. The code change was tested and verified to work.

This took significantly longer than expected because I had to fix updates on Qubes R4.3 (turns out they don't work right out of the box), then was unceremoniously dropped to a Dracut emergency shell upon reboot because apparently my Qubes installation's root filesystem decided to become slightly corrupted and needed a manual fsck to fix. I did manage to get the system back up-and-running thankfully, and did the work mentioned above once my system was back to functional.

2024-10-19[edit]

Fix pam_faillock unlock on reboot or timeout[edit]

Date: 2024-10-19

Determined why pam_faillock was automatically resetting the tally on reboot and fixed it. Also kept it from resetting due to a timeout to the best of my ability (although due to limitations in pam_faillock this could not be done perfectly). Commit: https://github.com/ArrayBolt3/security-misc/commit/690e8dd826d1cb39c0c12c03792781862cc2dd23archive.org

Note that this does NOT fix the issue where the use of passwordless sudo resets the tally. This may require assistance from upstream, and investigation into that is still ongoing.

2024-10-18[edit]

Debug pam_faillock[edit]

Date: 2024-10-18

Kicksecure uses pam_faillock to provide bruteforcing protection for user account passwords. Unfortunately the existing PAM configuration allowed the tally and lock to get reset in multiple unintended ways. The root cause of this was determined and a proof-of-concept fix developed, however a deployable fix has not yet been determined. One of the problematic scenarios has a bug filed in linux-pam for it: https://github.com/linux-pam/linux-pam/issues/842archive.org

2024-10-17[edit]

Further improvements to Kicksecure live-build[edit]

Date: 2024-10-17

Wrote another patch for live-build and attempted to upstream it, this allows us to set --error-on=any on apt update calls within live-build. https://salsa.debian.org/live-team/live-build/-/merge_requests/371archive.org Tested it and it appears to work. Also tested a bunch of additional options Patrick suggested using, which removed more unnecessary packages and improved the build process. Also documented that the custom fork of live-config-dist is no longer necessary.

2024-10-16[edit]

Fix up package installation on Kicksecure live-build[edit]

Date: 2024-10-16

Fixed a couple of very annoying bugs in the live-build code for Kicksecure. There were a bunch of weird firmware files and display drivers getting installed incorrectly, which now no longer get installed, and the user had to explicitly confirm that they wanted to remove a bootloader package at one point during the build, which they now no longer get prompted for. I also got a merge request made for mmdebstrap support in live-build, which is visible here: https://salsa.debian.org/live-team/live-build/-/merge_requests/370archive.org

Additionally, I dug up the old live-build code from derivative-maker and extracted the core lb config command from that. This may be useful for future work on live-build.

At this point the ISOs being produced using live-build are of a reasonably high quality, and I believe it is time to get the live-build fork I've been using integrated into Kicksecure's Git repos and start using it as the default framework for ISO file generation in derivative-maker.

Rework Qubes OS event buffering pull request[edit]

Date: 2024-10-16

See https://github.com/QubesOS/qubes-gui-daemon/pull/149archive.org. Implemented all requested changes from all reviewers, rebuilt qubes-gui-daemon and qubes-core-admin-client with changes, and tested on Qubes OS R4.3. Another round of review has been requested.

2024-10-15[edit]

Implement mmdebstrap support in live-build[edit]

Date: 2024-10-15

Implemented and tested live-build mmdebstrap support. Code is visible at https://salsa.debian.org/ArrayBolt3/live-build/-/commit/0a8559b9d456a93284e726521a33f342ab469f8barchive.org. MR has not yet been opened against live-build upstream because of Debian infrastructure issues.

Create live-build local apt repo MR, more live-build debugging[edit]

Date: 2024-10-15

MR for local apt repo support in live-build: https://salsa.debian.org/live-team/live-build/-/merge_requests/369archive.org

The reason for strange firmware files becoming installed appears to be because of a firmware installation routine in live-build operating as intended (though since I'm building with contrib and non-free repos it seems to be pulling in a bit more than expected). Need some input on how to best handle that. I also diagnosed the reason for a "persistent mode" icon in the panel getting shifted over to the left, and created a patch here: https://github.com/ArrayBolt3/desktop-config-dist/commit/6b0ec41a2ec75b11dbe1b50d9040fb56761bc583archive.org

Prepare X event buffering Qubes OS pull request for re-review[edit]

Date: 2024-10-15

Added a signed integer overflow check to a potentially vulnerable area of the PR's code, and gave the code a short stress-test and functionality test using vmonaco's device fingerprinting test, Reddit, and YouTube. Resolved all conversations from Marek's review of the X event buffering PR, and requested a re-review.

2024-10-14[edit]

Debug Kicksecure live-build, implement local apt repo support[edit]

Date: 2024-10-14

Implemented local apt repo support in live-build and pushed to Git on Debian Salsa (their GitLab instance). Sadly due to a glitch in Salsa, I was unable to open a merge request, and am awaiting a reply from the Salsa administrators. Also debugged issues with installed and omitted packages in the Kicksecure live-build project. Ultimately I wrote an email to the debian-live mailing list because of particular extra packages getting installed for no apparent reason: https://lists.debian.org/debian-live/2024/10/msg00007.htmlarchive.org

2024-10-13[edit]

Continue effort to pork Kicksecure to live-build[edit]

Date: 2024-10-13

Got significantly further than on 2024-10-10. The ISO now boots "out of the box", installs "out of the box", and for the most part looks and works like a standard Kicksecure ISO. Further development tasks are listed in the Github repo for the project at https://github.com/ArrayBolt3/kicksecure-live-buildarchive.org.

2024-10-11[edit]

Rework Qubes OS kloak patch[edit]

Date: 2024-10-11

The Qubes OS "X event buffering" patch at https://github.com/QubesOS/qubes-gui-daemon/pull/149archive.org was reviewed by a Qubes OS developer and several changes were requested. I got Qubes OS R4.3 installed on my primary development system, prepped it to build Qubes OS packages, and then did development and testing of the patch there. All requested changes were implemented, many of the comments were resolved (though I left some open for further discussion and review). The patch was also tested for functionality and appears to work well so far.

2024-10-10[edit]

Begin effort to port Kicksecure to live-build[edit]

Date: 2024-10-10

I downloaded the latest live-build from https://salsa.debian.org/live-team/live-buildarchive.org (using the tip of the master branch), and merged in https://salsa.debian.org/live-team/live-build/-/merge_requests/353archive.org so as to enable use of dracut. I then created a Debian Sid chroot within my Kicksecure development virtual machine, and built and installed live-build within it. (live-build works surprisingly well inside a chroot environment.) I then researched live-build's features, as well as how to use it properly, and then worked on getting a basic Kicksecure-like ISO built using it.

Due to some oddities surrounding package installation, dracut repeatedly got uninstalled at some point during the build process, resulting in the build crashing later on. To fix this, I modified the code of live-build to avoid installing packages that were the source of the issue (namely live-config and live-boot). Additionally, the security-misc package was crashing the build because it was intentionally failing to install itself when it detected there were no users with sudo rights on the system. This ended up requiring a live-build hook to work around, which is not a desirable solution long-term. Quite a few very long builds had to be done before I finally got a working ISO, and I had to tweak the source code of live-build slightly, but I was successful at getting the ISO to both build and boot to a Kicksecure desktop. The source code of my live-build fork is at https://salsa.debian.org/ArrayBolt3/live-build/-/tree/arraybolt3/lb-dracut?ref_type=headsarchive.org. The live-build configuration that finally worked somewhat for me is at https://github.com/ArrayBolt3/kicksecure-live-buildarchive.org.

The finished ISO had quite a few problems:

  • A generic-looking Debian live GRUB theme is shown on bootup.
  • Due to a dracut bug in bookworm, the ISO will drop you to a dracut emergency shell if you attempt to boot it by just pressing "Enter" when prompted. You must press e to edit the boot options, and add rd.live.overlay.overlayfs=1 to the end of the kernel command line to get the ISO to boot.
  • When it does boot, you will be shown a very strange "Welcome to LXQt" window with no window decorations or anything. No window manager will be loaded.
  • To get past this state, you have to press Ctrl+Alt+F2 to get to a TTY, then go to /etc/lightdm delete the lightdm.conf.d directory recursively, and edit lightdm.conf so it contains no uncommented autologin configuration. Then you have to run sudo systemctl restart lightdm and you are presented with a login greeter. At the greeter screen, click on the wrench logo in the panel at the top of the screen, and select an XFCE session to log into. Then log in with username "user" and password "live", and now you will see a Kicksecure desktop.
  • The user is shown as being "Debian live user" in the application menu, with a prominent Debian logo applied. This is wrong.
  • More software than expected ends up preinstalled, such as "Zutty" (Zero-cost Unicode Teletype, which somehow ends up becoming the default terminal), Tor Browser Donwloader, and lximage-qt for instance.
  • Installation fails with a bootloader-related error, likely because we have a tweaked version of a bootloader install script that no longer applies, and my configuration doesn't preload the various GRUB versions into the on-ISO repository.
  • The notifier in the upper-right corner of the screen showing which mode is active shows "Live" with a green light, rather than "ISO" with a disc icon.

Additionally, my test build used only remote packages, not locally built ones.

Next steps:

  • Figure out a more elegant way of excluding bad packages other than modifying the source code of live-build. If modifications are absolutely necessary, add a blacklist feature and then use it.
  • Determine why additional software is getting installed such as Zutty and bits of LXQt, and make it stop happening. (This is probably caused by package dependencies somehow.)
  • Fix all the bugs.
  • Add the ability to install packages from a local repo and test it.
  • See if live-build can be used for building more than just live images. Some of the docs made it sound like it could be used for making preinstalled images, which could potentially be used for building VirtualBox and other hypervisor iamges using live-build too.
  • Integrate live-build into derivative-maker (or the other way around?) so that source code cloning, package building, and ISO assembly can be done in one command like what is currently possible with derivative-maker.

2024-10-09[edit]

KeePassXC secret service feature request[edit]

Date: 2024-10-09

Attempted to identify what would need to change in KeePassXC to allow it to act as a distro's default secret service, and posted a feature request for it here: https://github.com/keepassxreboot/keepassxc/issues/11342archive.org

Research Edgeless Systems' confidential computing[edit]

Date: 2024-10-09

Looked into several confidential computing solutions offered by Edgeless Systems, namely Constellation, Contrast, and Continuum. Added notes about them to the confidential computing Wiki page.

Research Enclaive[edit]

Date: 2024-10-09

Looked into Enclaive and noted them in the list of cloud providers. Also discovered Gramine for protecting individual apps and containers with Intel SGX, added them to the resources list and also moved Intel SGX out of the "not useful technologies" list.

Research Intel TDX[edit]

Date: 2024-10-09

Read through https://cdrdv2.intel.com/v1/dl/getContent/690419archive.org and did further research to determine how suitable Intel TDX looked for true confidential computing. Many of the features looked quite useful, but some of them were rather disappointing and I do not believe Intel TDX actually provides strong security guarantees against a determined cloud-provider-level adversary.

Debug Calamares issues[edit]

Date: 2024-10-09

Researched, fixed, or followed up on all outstanding Calamares issues:

Not all of these were immediately fixable, but as much as can be done with them has been. Notably the issue with the fallback bootloader cannot be easily fixed until the migration to live-build.

2024-10-08[edit]

Research Secure Cloud hardware[edit]

Date: 2024-10-08

Researched all items in the list, categorized as appropriate and made useful summaries for studying technologies. Raptor Engineering's POWER9 machines looked particularly promising.

Rewrite Broken Boot page[edit]

Date: 2024-10-08

Rewrote https://www.kicksecure.com/wiki/Broken_Bootarchive.org to provide training and debugging assistance to users. Ultimately boot-info-script was NOT recommended as it could print sensitive LUKS data.

2024-10-07[edit]

Upstream tirdad functionality into Linux[edit]

Date: 2024-10-07

Created a kernel patch that adds a new parameter, tcp_rand_isn, to the Linux kernel. Testing was done with Debian Trixie. The effort to upstream the patch can be seen here: https://lore.kernel.org/netdev/20241007212735.460dc0eb@kf-ir16/T/#uarchive.org

tirdad security improvements[edit]

Date: 2024-10-07

Wrote three pull requests against tirdad, each one independent of the others and applicable without needing to apply the others. One of them uses kernel live patching in lieu of page table modifications, one of them makes all generated ISNs purely random, and one of them fixes some security concerns in a string printing helper. PRs listed at https://www.kicksecure.com/wiki/Dev/todo#tirdad_-_fix_code_issuesarchive.org

tirdad functionality review[edit]

Date: 2024-10-07

Spent a good amount of time reviewing how tirdad worked, what its end-goal was, whether it succeeded in that end-goal or not, and also experimenting with various code changes such as simplified ISN generation, use of the kernel live patching API. Ultimately:

  • It works. I was able to verify that its function hooks are called when a new TCP connection is made, and that the numbers it genrates are (pseudo)random.
  • The internal functionality is very complex, seemingly needlessly so.
    • The entire hotpatching mechanism is able to be swapped out with live patching quite easily, making the code dramatically simpler.
    • The ISN generator is still integrating into its calculations connection info, similar to the original ISN generation code in the Linux kernel. But this is pointless - all that info is being integrated into a hash that is (by design) changed entirely every time a new connection is made, even if the source and destination ports are identical to what they were before. It's simpler, probably more secure, and potentially faster to just generate a random 32-bit number every time an ISN is generated.
    • It should be relatively simple to implement a kernel command line option that simply makes all ISNs random 32-bit numbers. Such a patch has a pretty good likelihood of being accepted upstream due to its simplicity, though it may have to wait until the next kernel merge window opens.

2024-10-06[edit]

Fix keyboard layout-related Calamares installation failure[edit]

Date: 2024-10-06

Determine root cause of https://forums.kicksecure.com/t/locale-layout-installation-error/611archive.org and pushed a fix at https://github.com/ArrayBolt3/live-config-dist/commit/fe3eb5da1a8a2c464026941c572e61de90d3e6e6archive.org. Tested to work with encrypted installations both in Russian (the language which was causing installation failures) and with German (the language which had been used most often to test the offending section of code previously).

Security review of tirdad kernel module[edit]

Date: 2024-10-06

Carefully studied the code of tirdad, a kernel module that hardens TCP initial sequence number generation. Results of the review were shared with the module author at https://github.com/0xsirus/tirdad/issues/23archive.org.

Review Intel SGX's suitability for confidential VMs[edit]

Date: 2024-10-06

Researched Intel SGX's use, functions, and vulnerabilities. Ultimately it appears security issues have been dealt with, but it does not appear useful for running private VMs. Added info to https://www.kicksecure.com/wiki/Dev/confidential_computing#Technologies_investigated_but_not_usefularchive.org recording this.

2024-10-05[edit]

Fix triggering of touchscreen features with kloak[edit]

Date: 2024-10-05

Tracked down root cause of https://forums.whonix.org/t/weird-magnifier-feature/20502archive.org, creating a kloak commit (https://github.com/ArrayBolt3/kloak/commit/d4e7b4c0428527ea002e1ea61839effc0cb5e88earchive.org), forum response (https://forums.whonix.org/t/weird-magnifier-feature/20502/12archive.org) and upstream bug report (https://gitlab.gnome.org/GNOME/gtk/-/issues/7060archive.org) based on my findings.

2024-10-04[edit]

Finish preparation of Qubes OS X event buffering PR[edit]

Date: 2024-10-04

Fixed the remainder of the TODOs for the X event buffering PR for Qubes OS. Also tested user-configurable buffer timing and confirmed that it worked as expected. The PR still needs tested on Qubes R4.3, but after that (and assuming there are no further modifications requeted by the developers), it's ready to go. Possibly-final code visible at https://github.com/QubesOS/qubes-gui-daemon/pull/149/filesarchive.org.

Research CPU-assisted memory encryption[edit]

Date: 2024-10-04

Mainly researched AMD SEV, study of Intel TME-MK had been done earlier. Recorded findings in Whonix's Dev/cloud page. Intel TME-MK is likely superior to AMD SEV for our threat model due to the fact that the hypervisor is allowed to provide its own encryption keys rather than relying on CPU-generated keys.

Study attestation features in pKVM[edit]

Date: 2024-10-04

Researched and discovered that pKVM does provide local attestation features, and that remote attestation against a pKVM host can be done via Verified Boot. Recorded findings in Whonix's Dev/cloud page at https://www.whonix.org/wiki/Dev/cloud#Confidential_VMsarchive.org

Dracut follow-up for systemd-cryptsetup bug[edit]

Date: 2024-10-04

Verified that https://github.com/dracut-ng/dracut-ng/issues/684archive.org was indeed solved and reported back.

Research secure cloud technologies[edit]

Date: 2024-10-04

Did a bunch of research on technologies like TPM, Intel TXT, Intel TME-MK, Xen, etc. Revamped secure cloud notes at https://www.whonix.org/w/index.php?title=Dev/cloud&stable=0archive.org with new info and attempted to put together a rough idea of what things would look like when properly implemented.

2024-10-03[edit]

Debug root cause of Dracut automount problems[edit]

Date: 2024-10-03

Found the root cause of boot issues when doing dracut automount, and reported it as a bug to the dracut developers. Bug report: https://github.com/dracut-ng/dracut-ng/issues/696archive.org

2024-10-02[edit]

Work on Dracut automount code[edit]

Date: 2024-10-02

Sadly this turned out to be broken on Debian. It looks like it's because an initqueue hook is insisting on finding a non-existent device and ignoring the fact that there's a usable root filesystem mounted to /sysroot. Further work is needed to get this to function properly.

Draft email to linux-mm mailing list for RamCrypt investigation[edit]

Date: 2024-10-02

Wrote a draft email as requested and shared it with Patrick over Matrix. Also did lots of study into no-fill cache mode to see if it is potentially usable for our desired purpose.

Investigating practicality of process memory encryption techniques using frozen cache and TRESOR/RamCryptarchive.org

Leave notes on libkpmcore pull request[edit]

Date: 2024-10-02

Posted more detailed rationale for hardening libkpmcore settings at https://invent.kde.org/system/kpmcore/-/merge_requests/54#note_1044980archive.org

Fix encryption checkbox bugs in Calamares[edit]

Date: 2024-10-02

Did necessary research, coding, and testing to fix UI bugs related to the "Encrypt system" checkbox in Calamares:

2024-10-01[edit]

Implement root fs automount for dracut[edit]

Date: 2024-10-01

Researched, designed, and implemented a prototype solution. Should be relatively easy to get into a mergeable state. PR: https://github.com/dracut-ng/dracut-ng/pull/694archive.org

Investigate using KeePassXC as a default secret service[edit]

Date: 2024-10-01

Researched possible solutions for using KeePassXC as the default secret service for Kicksecure. This may require upstream code contribution to be realizable, but it's pretty close to doable. Forum comment with findings: https://forums.kicksecure.com/t/error-storing-passphrase-in-keyring-the-name-org-freedesktop-secrets-was-not-provided-by-any-service-files/582/2archive.org

Polish kloak implementation for Qubes OS[edit]

Date: 2024-10-01

Fixed a bug in X event buffering code that resulted in GUI freezes. Also added preliminary configuration support, got rid of the ISAAC random number generator in favor of getrandom(), refactored the code to be more intuitive, and avoided buffering events that could potentially cause problems if buffered. PR comment: https://github.com/QubesOS/qubes-gui-daemon/pull/149#issuecomment-2387143732archive.org

Harden libkpmcore LUKS2 settings[edit]

Date: 2024-10-01

My original post asking for advise on how to proceed received no responses. and I only received one response on Matrix from someone who did not appear to be a KDE developer. To hopefully spark some further discussion, I filed an MR: https://invent.kde.org/system/kpmcore/-/merge_requests/54archive.org

Backporting just this change to Debian may be tricky as even if KDE is willing to go with this approach as-is, Debian might not be. We may still want to keep in mind the possibility of maintaining a fork of libkpmcore with our own secure defaults.

Debug Pipewire audio failure with Intel audio[edit]

Date: 2024-10-01

Hoping to get some hint as to what was going wrong, I ran pipewire, wireplumber, and pipewire-pulse in a terminal with verbose log output. The first run was done before switching to Pulseaudio, then a second run was done after switching to Pulseaudio and then back to Pipewire (which as discussed previously somehow "fixes" the audio device). No meaningful differences were visible in the logs when comparing them with Meld.

Since AC97 is Virtualbox's default audio device for Linux, it's probably in our best interest to just stick with it. If we have to get emulated Intel audio to work, the next step is probably to add additional debugging code to Pipewire to see where things go wrong. It may also be worthwhile to try some non-Pulseaudio-based audio applications (i.e. something that uses JACK or ALSA directly) to see what happens. Sadly I corrupted my Whonix VM pretty badly messing with Pipewire packages, and the Whonix server is only letting me download the latest release of Whonix very slowly, so I wasn't able to get further than this.

2024-09-30[edit]

Implement kloak insite qubes-gui-daemon[edit]

Date: 2024-09-30

Created a prototype proof-of-concept of qubes-gui-daemon with kloak functionality embedded into it. Also set up a Qubes OS build environment and tested the proof-of-concept implementation (which mostly works). Qubes OS pull request: https://github.com/QubesOS/qubes-gui-daemon/pull/149archive.org

Investigate disk and RAM encryption[edit]

Date: 2024-09-30

Researched TRESOR and RamCrypt. Task and finished research recorded here: https://www.kicksecure.com/wiki/Dev/todo#Cloud_virtualization_-_research_RAM-less_encryption_techniques_for_disk_and_RAM_encryptionarchive.org

2024-09-27[edit]

Debug audio failure with >2 GB RAM[edit]

Date: 2024-09-27

Verified bug under Debian, Ubuntu, and Whonix.

Discovered while testing with Ubuntu that I could switch to pulseaudio, play audio briefly, then switch back to pipewire and everything would work. Somehow pulseaudio "initialized" the audio device and then pipewire was able to keep using it, I guess?

Tried Pipewire from bookworm-backports, issue did not resolve.

Initially I thought that Arch Linux did not have this issue because of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081965#5archive.org. With that in mind I looked at a diff between Arch Linux's Pipewire source code and Debian's Pipewire source code from backports. They were nearly identical with only a few non-suspicous-looking changes.

I then attempted to build Debian's Pipewire using build settings from Arch. This eventually worked, however installing the modded version of Pipewire did not resolve the problem.

As a sanity check, I then installed Arch Linux to see if the problem was reproducible there. It turned out it was reproducible, and the "initialize with pulseaudio first" hack also resolved the issue there.

Reported some of my findings at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081965#10archive.org and https://forums.whonix.org/t/virtualbox-intel-hd-audio-and-pipewire-incompatibility-audio-broken-after-increasing-ram-to-5-gb-no-sound-after-latest-updates-pipewire-bug/18211/27archive.org. I'm pretty sure this is an upstream bug at this point and will be hunting for it when I resume work on this.

Debug sysroot mount failure with dracut[edit]

Date: 2024-09-27

Tested use of live-build to make dracut-based live Debian images (building Trixie, Bookworm, and Bullseye images for testing). Things mostly worked, however the Bookworm image failed to boot with the same sysroot mount failure that Kicksecure is experiencing.

I then debugged the mount failure, and traced it to a difference between thw 90overlayfs module in Trixie and Bookworm combined with a missing feature in Bookworm. The full report is visible at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082891archive.org.

2024-09-26[edit]

Submit dracut-related encrypted Debian boot failure fix[edit]

Date: 2024-09-26

Submitted fix discovered earlier at https://salsa.debian.org/debian/dracut/-/merge_requests/37archive.org

Investigate using dracut's upstream overlayfs feature[edit]

Date: 2024-09-26

Kicksecure currently uses a Debian-specific filesystem overlay module for "live mode". dracut has the same feature already existing upstream, so we would like to switch to it.

Tested switching to it on Kicksecure, for some reason the dracut-native overlayfs module was silently skipped over despite being set up properly. Tested again on Trixie, everything just worked. Upstream bug comment: https://github.com/dracutdevs/dracut/issues/1565#issuecomment-2378133277archive.org

Investigate Pipewire audio issues[edit]

Date: 2024-09-26

Successfully reproduced Pipewire audio bug and device-level workaround (switching to AC97 audio) using Debian 13 (Testing). I didn't think it would be reproducible on Debian 13, but it was. Still need to investigate if Ubuntu has this problem. Left a comment at https://forums.whonix.org/t/port-from-pulseaudio-to-pipewire-for-audio-support/16879/49archive.org.

Resolve inability to boot encrypted Debian with dracut[edit]

Date: 2024-09-26

Bug link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078792archive.org If you install dracut on a Debian 13 (Testing) machine with unencrypted /boot and encrypted root, the system will fail to boot successfully upon next reboot.

The root cause of this turned out to be a missing runtime dependency in dracut. When using systemd within dracut (as Debian does by default), systemd-cryptsetup is necessary to unlock the disk. The dracut package does not depend on systemd-cryptsetup, and so the initrd is left with no way to decrypt the root partition. Adding systemd-cryptsetup to the dependencies of dracut before installation is enough to resolve the problem. (The result doesn't look very good, the user is left with a gray rectangle that doesn't even necessarily look like a text box, and there's no indication that they're supposed to type their passphrase, but at least the disk can be decrypted.)

Dracut gives no warnings when it generates an unusable initrd in this way, so I filed a bug report about it: https://github.com/dracut-ng/dracut-ng/issues/684archive.org I also commented on the existing Debian bug report with my findings: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078792#15archive.org The fix for the packaging bug was submitted at https://salsa.debian.org/debian/dracut/-/merge_requests/37archive.org.

Switch to systemd-less dracut[edit]

Date: 2024-09-26

Dracut with systemd enabled has a module conflict leading to a scary error message about being unable to mount sysroot. This error message ultimately is harmless, but disturbing. See https://forums.kicksecure.com/t/iso-error-message-during-boot-mount-sysroot-special-device-liveos-rootfs-does-not-exist/418/4archive.org.

When researching how to resolve this, I found https://github.com/dracutdevs/dracut/issues/1820#issuecomment-1133439023archive.org which suggested omitting systemd from the dracut initramfs. After a couple of builds, I was able to do this and get a working Kicksecure ISO, however it now showed a (less scary) error message stating switch_root: failed to unlink mnt: Directory not empty. This turned out to be because Dracut mounts /dev/cdrom0 to /mnt/cdrom0 and then later tries to delete the directory without clearing it. After some more research, I wrote a dracut module that unmounted /mnt/cdrom0 and then rmdir'd /mnt/cdrom0, resolving the issue. This was tested and confirmed working. Code changes: https://github.com/ArrayBolt3/derivative-maker/commit/894d0657b7cd69370d67759709fff166d469cc37archive.org

Ultimately it looks like we won't go with this approach as systemdless dracut has issues with encrypted systems on Trixie at least. Testing to see if this even happens on Trixie is planned, and if so we'll fix the root cause there.

Test for memory leaks in kloak[edit]

Date: 2024-09-26

ChatGPT pointed out some potential memory leak areas in kloak's source code. I looked at them and didn't see any particular issues. After checking the allocation and free behavior, I additionally compiled and ran kloak, then did typing tests and lots of mouse movements in order to stress test kloak. No significant memory usage was noticed indicative of a leak.

Investigate dom0 implementation of kloak in Qubes OS[edit]

Date: 2024-09-26

Read through https://github.com/QubesOS/qubes-issues/issues/8541archive.org, investigated qubes-gui-daemon's source code to determine how to implement kloak most effectively there and suggested a potential way forward (writing kloak's functionality into the GUI daemon). Comment at https://github.com/QubesOS/qubes-issues/issues/8541#issuecomment-2377325699archive.org Implementing kloak within individual VMs does not seem practical in the long run since kloak can't run above the X server or compositor without special support from that server or compositor, and Qubes OS's Wayland compositor is intended to be implemented without support for kernel input devices. This means that kloak has to be placed at the GUI daemon layer, in which case it's most likely easiest to just make it part of the GUI daemon.

2024-09-25[edit]

Harden Calamares encryption settings[edit]

Date: 2024-09-25

Discovered that encryption code is located in libkpmcore, which is a component of KDE and not something that can be easily changed in Calamares yet. Discussed obstacles and potential implementation strategies with Patrick, decided to try just getting more secure settings upstream first. KDE development discussion post: https://discuss.kde.org/t/making-libkpmcores-luks2-settings-more-secure/21764archive.org

Require user to make encryption choice explicit[edit]

Date: 2024-09-25

I originally started by trying to implement this from scratch to offer it as a feature request to upstream Calamares. As it turned out however, the feature already existed, and was able to be switched on by enabling a preCheckEncryption variable. Code change: https://github.com/ArrayBolt3/live-config-dist/commit/410c62e664e7d1387e7c013867242838ff2cb912archive.org

While initially trying to implement this, I discovered a bug in Calamares where the user could check the "Encrypt system" checkbox and then proceed past the partitioning screen without entering a passphrase. I reported the issue upstream at https://github.com/calamares/calamares/issues/2375archive.org (along with a PR that should resolve it).

Update kloak readme[edit]

Date: 2024-09-25

Updated README.md to reflect current state of kloak. Code changes: https://github.com/ArrayBolt3/kloak/commit/4bbdf38cc6c6f9162348d9b23deef3169f8465b8archive.org

Add Qubes OS support to kloak[edit]

Date: 2024-09-25

Determined how to manually enable kloak on Qubes OS, documenting findings at https://forums.whonix.org/t/current-state-of-kloak/5605/111archive.org.

Getting this working by default needs orchestration, asked for advice from Qubes OS developers on how to proceed at https://github.com/QubesOS/qubes-issues/issues/1850#issuecomment-2374908358archive.org.

Disabled AddressSanitizer in kloak, it was unfortunately incompatible with Whonix's ASLR settings. See https://stackoverflow.com/questions/77672217/gcc-fsanitize-address-results-in-an-endless-loop-on-program-that-does-nothingarchive.org. Code change: https://github.com/ArrayBolt3/kloak/commit/c3500fc38cea3d69c96765f6691688e4079ecd67archive.org

During work, discovered that Qubes OS and VirtualBox users may be distinguishable from other users based on typing and mouse movement patterns, potentially due to VM clock resolution. Recorded findings at https://forums.whonix.org/t/device-fingerprinting-of-vm-users-virtualbox-qubes-xen/20460archive.org.

2024-09-24[edit]

Automatically maximize Calamares window[edit]

Date: 2024-09-24

Ensured that a fullscreen window was acceptable, tested and implemented. Code change: https://github.com/ArrayBolt3/live-config-dist/commit/ab8a7e1829f7050882385488a67e9a316a9270fdarchive.org

Investigate use of systemd-oomd[edit]

Date: 2024-09-24

Left a note at https://forums.kicksecure.com/t/consider-installing-systemd-oomd-by-default/223/4archive.org with some thoughts. systemd-oomd has caused trouble before and is likely best to avoid.

Check haveged test suite[edit]

Date: 2024-09-24

The blog article at https://jakob.engbloms.se/archives/1374archive.org made it look like haveged's test suite was passing even if the generator only ever output 1s. Using the latest version of haveged, I patched it to only ever output 1s, then ran the test suite. The suite failed under these conditions. Documented findings at https://github.com/jirka-h/haveged/issues/81#issuecomment-2372664967archive.org.

add configuration option to disable rescue key[edit]

Date: 2024-09-24

Kloak development. Added -p (persistent) option for disabling rescue key sequence. Ensured -k (for setting a custom rescue key sequence) and -p could not be used simultaneously, and documented -p in the help output. Code changes: https://github.com/ArrayBolt3/kloak/commit/ac9d1fc2712966a5ae834a690a885db9f10b2b0barchive.org

Document rescue key[edit]

Date: 2024-09-24

Kloak development. Added documentation for using the rescue key, customizing it, and disabling it. https://www.whonix.org/wiki/Keystroke_Deanonymization?shownotice=1#Rescue_Keysarchive.org

makefile fix[edit]

Date: 2024-09-24

Kloak development. Added check for pkg-config to kloak's makefile, fixing a minor indentation-related bug in the makefile in the process. Code changes: https://github.com/ArrayBolt3/kloak/commit/a290f5f0fd864ea459e1c3e75a424fe7dd33cca8archive.org

Test mouse click obfuscation[edit]

Date: 2024-09-24

Kloak development. Tested on both my physical machine (Kubuntu 24.04) and on a Whonix Workstation VM. Mouse click events were seen in the log output of kloak when running in verbose mode, and noticeable randomization was being applied even when kloak ran as a systemd service. Reported findings at https://github.com/vmonaco/kloak/issues/51#issuecomment-2371866583archive.org and https://github.com/vmonaco/kloak/issues/51#issuecomment-2372382050archive.org.

Investigate xrdp support[edit]

Date: 2024-09-24

Kloak development. https://www.whonix.org/wiki/Keystroke_Deanonymization#xrdparchive.org

Document kloak testing procedure[edit]

Date: 2024-09-24

Kloak development. Looked into potential applications that could be used to test kloak's effectiveness. Two hopeful-looking solutions were found on GitHub (https://github.com/johwconst/keystrokeDynamics2FAarchive.org and https://github.com/goncalopp/keystroke_dynamicsarchive.org), however both of them proved to be prohibitively difficult to set up due to badly outdated Python code. TypingDNA appeared to be too privacy-invasive to recommend to other users. Settled on vmonaco's device fingerprinting test, and documented how to use it. Results can be seen at https://www.whonix.org/wiki/Keystroke_Deanonymization#Defense_Testingarchive.org.

Document how to clear apt-cacher-ng's cache[edit]

Date: 2024-09-24

Kloak development. Kicksecure's build process uses apt-cacher-ng. If a corrupted package is downloaded from Debian's mirrors, it will crash the current build due to a hash sum mismatch, then crash every subsequent build because the corrupted package will be stuck in the cache. After a couple hours of debugging what was happening, I traced it back to the cache, cleared it, got a successful ISO build after a little bit more fiddling, then documented my findings at https://www.kicksecure.com/wiki/Dev/Build_Documentation/VM#Build_repeatedly_errors_out_with_hash_sum_mismatcharchive.org.

seccomp debugging documentation[edit]

Date: 2024-09-24

Kloak development. Documented how to find a specific system's syscall table at https://www.kicksecure.com/wiki/Seccomparchive.org.

autostart systemd user unit xdg-desktop-portal[edit]

Date: 2024-09-24

Got an ISO to build properly after some fiddling, then tested xdg-desktop-portal autostart by:

  • Installing xdg-desktop-portal
  • Installing xdg-desktop-portal-gtk
  • Running systemctl --user status xdg-desktop-portal and systemctl --user status xdg-desktop-portal-gtk - this showed that the portal was NOT running yet
  • Opening Firefox
  • Clicking Menu > Settings > scroll to Files and Applications > click "Browse..." next to Downloads
  • Running systemctl --user status xdg-desktop-portal and systemctl --user status xdg-desktop-portal-gtk while the portal window was shown - this showed that the portal WAS running

Added needed packages (along with an ISO build failure fix) to kicksecure-meta-packages. PR: https://github.com/Kicksecure/kicksecure-meta-packages/pull/1archive.org

2024-09-23[edit]

bugfix for time issues[edit]

Date: 2024-09-23

Kloak development. Debugged root cause of time-related keyboard lockup bug reported at https://forums.whonix.org/t/sdwdate-can-cause-system-time-to-jump-backwards-causing-issue-with-kloak/20433archive.org, recorded findings and created bugfix. Findings report at https://github.com/vmonaco/kloak/issues/31#issuecomment-2368666686archive.org and https://forums.whonix.org/t/sdwdate-can-cause-system-time-to-jump-backwards-causing-issue-with-kloak/20433/4archive.org, bugfix at https://github.com/ArrayBolt3/kloak/commit/36385d7b0050601e6f255b168c297dab8d8fb027archive.org

Investigate stronger compile-time hardening flags for Kloak[edit]

Date: 2024-09-23

Found and implemented suggestions at https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.htmlarchive.org, fixing all code issues found in the process. Code changes: https://github.com/ArrayBolt3/kloak/commit/c9c5a9876bd7fba17ec638efd065cc0836329766archive.org

Avoid use of strncpy[edit]

Date: 2024-09-23

https://github.com/vmonaco/kloak/issues/66archive.org mentioned wanting strncpy replaced with strlcpy for better security. However Linux's manpages warned about potential security issues with strlcpy (potential for DoS attacks if an attacker could control an input string) and performance issues, and recommended the use of a custom "strtcpy" function instead. This recommendation seemed reasonable, so I implemented it. Code changes: https://github.com/ArrayBolt3/kloak/commit/0c66a7b2da09cbabc5c4368a532ab43a0f34fbb8archive.org

Integrate "Add a header file to make future development easier" pull request[edit]

Date: 2024-09-23

Kloak development. Pull request: https://github.com/vmonaco/kloak/pull/61archive.org Adapted and integrated into Whonix's fork of kloak. Code changes: https://github.com/ArrayBolt3/kloak/commit/b0f0c926d84a6d60363c89c11b8f36cc55b57459archive.org

Integrate "ChatGPT3" pull request[edit]

Date: 2024-09-23

Kloak development. Pull request: https://github.com/vmonaco/kloak/pull/65archive.org Some of the code (most notably the strncpy bits) were implemented differently in my adaption of it, using strtcpy instead. Code changes: https://github.com/ArrayBolt3/kloak/commit/7f9bc1bcfd08e8b3554e135a4c4d59a0a09b26d8archive.org and https://github.com/ArrayBolt3/kloak/commit/bb4a7143877eb12904e797224c2b0afc05463713archive.org

Integrate "Add support for new devices attached after kloak starts" pull request[edit]

Date: 2024-09-23

Kloak development. Pull request: https://github.com/vmonaco/kloak/pull/67archive.org The implementation of this PR had some issues, mainly with the use of a separate kloak process for every input device. I mentioned this at https://github.com/vmonaco/kloak/pull/67#issuecomment-2369121000archive.org, then adapted the code using a method that used only a single kloak process for all devices. Code changes: https://github.com/ArrayBolt3/kloak/commit/0d91a09a76ffa21b2782d673fcb91b16574b58d6archive.org

Add ASan and UBSan integration[edit]

Date: 2024-09-23

Kloak development. Investigated ASan and UBSan, determined how to add them to kloak, ensure nothing broke horribly when done. Ultimately ended up being quite easy. Code changes: https://github.com/ArrayBolt3/kloak/commit/5beda6da49cf1ef9ef09767e35a5660015160ee8archive.org

Fix ARM support[edit]

Date: 2024-09-23

Kloak development. ARM support bug: https://github.com/vmonaco/kloak/issues/25archive.org ARM support seemed to mostly "just work" on the Raspberry Pi 4B when compiling and running kloak directly, unsandboxed. However sandboxing revealed that the syscall filtering rules set in kloak's systemd unit were not correct and thus kloak was crashing. Determining the right syscalls for aarch64 (and then also for x86_64 on top of that) took a while, as did setting up the RPi as a development board, but it was doable. Code changes: https://github.com/ArrayBolt3/kloak/commit/d7f386dcdd25263eb9e7a7031b171fdec3d0d4d3archive.org and https://github.com/ArrayBolt3/kloak/commit/7fa9500c32f6560bf6ee7fe55438e27869601a0earchive.org

Code review with ChatGPT[edit]

Date: 2024-09-23

Kloak development. At Patrick's suggestion, I ran kloak's main.c file through ChatGPT to see if there were obvious issues. Based on its advice, I broke out post-execution cleanup code into its own function and ensured that the cleanup code was called on both normal and abnormal shutdowns. No AI-written code was integrated into kloak in the process, nor were any suggestions blindly implemented. Code changes: https://github.com/ArrayBolt3/kloak/commit/ba5df2543f247ed5592690d97019e0444e79b749archive.org

Create pull request against Whonix's kloak fork[edit]

Date: 2024-09-23

Kloak development. Reported changes and suggested merging them into Whonix's kloak fork. Pull request: https://github.com/Whonix/kloak/pull/1archive.org

Hans[edit]

Sprint 2024-08 to 2024-10[edit]

  • 2024-10-13
    • Template Quotation upgraded to work in lists + documentation
    • 4 pages review and beautify, thumb image
      • root
      • pw defaults
      • boot modes
      • account isolation
  • 2024-10-12
    • kicksecure wiki link template logo created and integrated
    • self help pages merge and unmerge
    • navi template documentation updated and integrated in new member pages
    • navi template self-help created and integrated in the pages
    • 10 various web dev topics researched and analysed as requested
    • Troubleshooting page complete revision
  • 2024-10-11
    • Server forcing browser cache clear methods research and suggestions
    • Kicksecure About page promo beauty content
    • Self support first page new chapter + new image
    • VPN port shadow attacks content
    • help youself mininav template suggestions
    • Documentation links added
    • template kicksecure_wiki archive none + target_blank + improve image suggestion
  • 2024-10-10
    • Download Button Modal
      • small headline padding stylefix
      • bottom button hidden on mobile fix
    • cache reliable solution research and suggestions + discussion
    • instant page download preload bugfix
    • mw-headscript move cache busting to server replacements
    • mobile browser cache busting research + recommendation
    • cache documentation complete revision and update to newest techniques
    • css extension fork reevaluation
    • documentation of vanishing scrollbars
  • 2024-10-09
    • miniModal
      • if active stop body scrolling + remove content shift
      • custom scrollbars for all modals + auto-updating on resizing
      • recheck all modals and make compatible with new method
    • remove legacy js code from footer
    • download button modal
      • remove file-url from file-info
      • bugfix modal multi init (multiple ids bug)
      • remove leading string "download\s*" from file info
  • 2024-10-08
    • Discussion Todo
    • Download Button Modal
      • optimize donation panel widget and payment page
      • load payments via ajax into modal (new technique)
      • load css file via ajax
      • new crypto icons and more tag
      • fine tuning + update download button documentation
    • documentation for new ajax method Javascript: Ajax Loading for special cases
    • new coming soon icon
    • Tronix payment added to payments page
  • 2024-10-07
    • EmbedVideo remove Footer
      • improve play button
      • mobile width style
    • PayViaPaypal small bugfixes
    • Download button new modal feature
      • styling + tests
      • icon revision
    • documentation
    • instant page download button bug analysis
    • Install_Software page review + revision suggestions
  • 2024-10-04
    • IconSet
      • style improvements
      • replace icon with iconset in most instances
      • also replace virtualbox "number" style with iconset
      • new iconset style keyboard
      • documentation
    • pageloading report console styling improved
    • "Install Additional Software Safely" page introduction improved
    • performance tests page: new test executed and documented
    • new color schemes for fonts
    • Whonix Windows Installer page revision
    • iso page
      • step images chapters
      • well done banners
      • trouble shooting chapter
      • video player poster and fullscreen research
    • Pay as you go modal solution suggestion
  • 2024-10-03
    • Number icon task analysis + suggestion
    • icon template
      • new parameter shadow
      • parameter border fat, thin values
      • documentation
    • new template iconSet with presets
      • tests + documentation
    • editorAutobackup some bugfixes
      • database consistency check cleanup
    • codeselect php warnings existence checks
    • js pageloading time testing
      • new method to capture asynchronous loading
      • improved reporting
      • documentation
    • iso page embedvideo integration for boot menu explainer video + fullscreen research
  • 2024-10-02
    • Hashcontroller Upgrade + documentation
    • async JS loading for codeSelect + sharetooltip + scrollAutoWrapper
    • wiki load cascade documentation
    • Detailed report ISO documentation - compare with Tails
    • Total revision of virtualbox and all its sub templates
  • 2024-10-01
    • EditorAutoBackup saving bug research
    • Dev/mediawiki loading delay bug analysis
      • DebugViaUrlModal upgrade all scripts loaded
      • MwCombineJsWrapper bugfix hashcontrol conditional
      • slow page individual script analysis report
      • web worker research
      • setTimeout Method applied to MwCombineJsWrapper
  • 2024-09-30
    • Boot Help Video
      • Direction discussion
      • Animation Revision
      • new step (beginning, research notice)
      • audio track created
      • speaker text draft
      • exiftest and upload
      • video embed extension research for MediaWiki
    • debug helper old file url bug analysis + fix
    • new script CollapsibleGlobalMods.js to globally apply “learn more” label + also “Show Less” label
      • removed all data-expandtext and data-collapsetext
  • 2024-09-27
    • WhonixOnMac Tabcontroller vs thumbnail analysis + clearfix implementation + documentation
    • Discussion ToDo Boot menu + twitter image bug
    • Icon Template two new parameters border text
      • style param 1 new option
      • tests + documentation
    • ISO page “Boot the ISO” chapter revision rewrites
      • reorder + illustration
    • ISO page boot menu explainer video created
  • 2024-09-26
    • USB_installation discussion and small improvements
    • ISO page
      • number icon color language changed
      • number and alphabet icons for Linux Ubuntu and Debian
      • beautify iso_writer_installation_linux more and sub templates
      • ISO page 7 new images for TOC (steps)
    • gallery tag new white style created
      • documentation + tests
    • codemirror large file problem research + summary
  • 2024-09-25
    • Art Gallery image fix
    • revision of USB-Installation
      • texts + icons
      • restructure + styling
    • Super large file problems codemirror research
    • EditorAutoBackup byte oversize management feature
      • general exception handling
      • icon color change + notification
      • documentation + cleanup
  • 2024-09-23
    • request-servers-to-fetch-and-deploy.sh created
      • secrets outsources
      • references updated
      • documentation
    • EditorAutoBackup features discussion
    • ISO thorough testing
      • Discussion ISO
      • heavy editing of page ISO 60%
    • new gray and white color schemes added + documentation
  • 2024-09-19
    • CodeSelect white space bug analysis
    • Editor-Autobackup new 100% implemented
      • documentation
      • added to wiki enhancements
    • deploy to servers prompt improvement
  • 2024-09-18
    • CodeSelect new technique textarea global helper
      • table with codeselect overheight bugfix (automatically because it was caused in Firefox by old technique)
      • codeselect cleanup and logical restructure
    • gallery tag documentation and wikitest test
    • Editor-Autobackup new 50% ready
  • 2024-09-17
    • CodeSelect
      • execCommand replacement research + implementation of new syntax + permissions research
      • white space bug solution (new implementation via textarea)
    • Discussion ToDo
    • CodeEditor pre and underline
      • images created
      • buttons added
  • 2024-09-16
    • CodeSelect research leading space bug + found newline collapse bug
    • add reporting bugs to support header whonix kicksecure
    • gallery tag mobile and minerva skin research + minerva like implementation
    • Extension HeadScript documentation update
    • Discussion competitor page style Research
    • Wiki Enhancements Extensions search + texts + remove standard extensions
    • EditorAutoBackup version 2.0 specifications
  • 2024-09-13
    • Whonix and Kicksecure local pages move local info
      • remove metager + add perplexity (kick)
      • legacy code cleanup
    • Gallery usage discussion
      • new gallery template tried but not working with Template
      • Research about <gallery> tag
    • twitter image research (extensive!)
      • private server testing
      • documentation
    • Wiki_Enhancements reorder of old content
      • new content points (80% ready)
      • new images
      • gallery tag usage
  • 2024-09-12
    • Mininav more narrow pseudo-bold technique + small selector bugfix
    • deploy to servers: Check prompted directory to prevent user error
    • thumbgallery styling improved
      • new parameters mode justify
      • bugfixes on legacy code
      • documentation + wikitest
    • page Wiki_Enhancements completed
      • images created
      • text + structure + beautification via our templates / modules
  • 2024-09-11
    • build files improved structure
      • remove legacy code + cleanup
      • better in-code documentation
      • wiki documentation created
    • php warnings regarding codeSelect bugfix
      • code cleanup
    • Kicksecure local page added load text
      • added docu search
      • drop shadow icon
      • general style improvement on all screen sizes + tested
    • mininav bugfix support for external links
  • 2024-09-10
    • Download button bug analysis
    • Splide deprecated analysis + recommendation
    • Splide numbered pagination implementation + Lighthouse readjustment
    • Collapsible template documentation + new tests
    • Kicksecure forum descriptions
    • Discussion Todo
    • wiki enhancements summary 50%
  • 2024-09-09
    • mediawiki-extension-CSS maintenance analysis and recommendation
    • dark mode documentation
    • delete legacy mwcombinejswrapper
    • mininav rendering inconsistency analysis + pseudo-bold font weight technique
    • Whonix local pages discussion upgrade style + add info text + upgrade with doc searches
  • 2024-09-06
    • Image file syntax research
      • replace all file image Image by File
      • documentation
    • Splide slider deprecation and pagination counter CSS analysis
    • Dev/Logo page content improvement
      • new file names + replace in both wikis + remove Logo_box.png chapter and file (not used anywhere anymore)
      • documentation
    • Created new template Collapsible + documentation
    • Link color improvements
  • 2024-09-05
    • Lighthouse
      • links rely on color for Virtualbox page research + bugfix + documentation
      • Header images wrong display size fix
      • reduce unused CSS research + documentation
    • jscookie deprecation analysis
    • ContentImage global Alternative
      • testing with link and empty link
      • remove all contentimage usage one page at a time
      • some individual page corrections
    • replace multiple empty lines with one on both wikis
  • 2024-09-04
    • Scrollwrapper enrichTolerance vs false-positive enrich + documentation
    • CustomScrollbar
      • new global settings feature
      • scroll-through feature
      • prevent text selection spilling
      • documentation
    • Styling broken images research + solution discussion + simple style solution
    • Darkmode lib new version diff analysis
    • thumbnail ContentImage analysis
    • Tab content controller
      • remove auto-select first tab
      • new wikitest
      • documentation
      • flagged reviews widget overlay designfix
  • 2024-09-03
    • pagespeed mininav links not crawlable analysis + improved documentation
    • pagespeed deep check Virtualbox pages: img alt descriptions, links descriptive text, info box color improvements
    • tab controller documentation improvement
    • image no-load analysis
      • Torbrowser new version bug testing (on our side)
      • Analysis and suggestions for header + footer improvement
    • mediawiki-link-to-archive backport + documentation + compatibility suggestion
    • custom srollbar mobile improvement analysis
    • contentImage newline and thumbnail option analysis
    • dark mode maintainanace analysis and suggestion

Archive

  • 2024-08-30
    • Broken WikiSEO og:image investigation + suggestions
    • wikitableautowrapper replacement with more general solution scrollautowrapper
      • file cleanup + css cleanup
      • new conditional application - wrapper only if needed. Saves client performance
      • new feature screen height conditional top scrollbar (only if threshold is reached)
      • New wikitests ScrollAutoWrapper
      • New / updated documentation ScrollAutoWrapper
    • Content shift investigation for https://gtmetrix.com/reports/www.kicksecure.com/saJHEvIh/archive.org
      • mw-headscript font preload optimization according to guidelines
  • 2024-08-29
    • FUTO further communication
    • confidential research (multiple subjects)
    • Kicksecure HP blur bugfix
    • video link new parameter style
      • new style subtle
      • new svg
      • documentation
    • Donors page and Transparency page improvements (style and content)
  • 2024-08-28
  • 2024-08-27
    • Discussion ToDo
    • Vector Legacy Maintenance documentation
    • Lighthouse 4 error documentations
    • adrelanos phabricator acount checkup + double report finding
    • Bug report Error "Links are not crawlable"
    • build-and-deploy-to-servers bugfixes layout improvements
  • 2024-08-26
    • PUP footer text analysis and suggestions
    • General Sponsorship Policies review and improvements
    • bugfix hidden table zero width table wrapper bug
    • codeSelect
      • hidden reveal bugfix
      • feature cs-no-custom-scrollbars – natürliches scrollen für debugviaurlmodal
      • improved structure and comments
      • Added test to Dev/wikitest
      • documentation
    • Improved hashcontroller with new feature + performance improvement on js client + documentation
    • Documentation for custom scrollbar CustomScollbar
  • 2024-08-24
    • Footer PUP section discussion
      • implementation + styling
    • advertisement page enhancements discussion
  • 2024-08-23
    • CustomRepo Template created
    • Discussion ToDo
    • Donor Card message parameter introduced
    • wikitable wrapper
      • scrollbar unification of solution for mobile and desktop
      • native scrolling introduced for nojs users
      • thumbnail table float width correction bugfix (was hidden before, eg on page Dev/wikitest on top right)
      • firefox perfect no content shift fixing
      • strong code reduction (not needed due to unification)
      • documentation WikitableAutoWrapper and ScrollableIndicator
    • codeSelect
      • scrollbar solid implementation (works for mobile and desktop)
      • bugfix buttonimage (was not shown for empty string parameter)
      • overflow perfect content shift prevention firefox
  • 2024-08-22
    • Discussion ToDo
    • Headscript concept work
      • jswrapper new function core dependent lib scripts
      • performance test
      • documentation
    • wikitable custom scrollbar implementation + firefox content shift prevention
    • codeSelect custom scrollbar
  • 2024-08-21
    • Task analysis + transcription
    • overlong archive link analysis
      • fixed improperly close archive_link
      • removed nowrap solution
      • documentation
    • bug Overlong CodeSelect not showing scroll bar analysis
    • headscript reorganize + cleanup
      • add jquery dependent scripts section
    • tinybar implementation + first test successful
  • 2024-08-20
    • About pages (Kick, Whonix) Lighthouse fixed
      • touch target spacing + archive links fixed
      • cite backlinks fixed
    • archive link
      • added class "external"
      • linebreak analysis + solution suggestion + linewrap parameter + implementation + documentation
    • mw-collapsible label now possible as paragraph p
    • Footer image aspect ratio fix for Lighthouse
    • Whonix and Kicksecure Documentation pages fixed for Lighthouse
  • 2024-08-19
    • Bugfix Donor broken images
    • Firefox donation/EUR bug research + rejected
    • task archive chapters were reorganized
    • top headline edit button missing bug analysis + suggestion
    • Legacy Vector TOC research and Lighthouse bug report to Mediawiki
    • Touch target spacing improvement for Lighthouse
  • 2024-08-16
    • Whonix HP explainer video
      • only load on demand
      • remove superfluous code
      • move code to whonix localpages
      • remove superflous video poster
      • documentation
    • remove affiliate link option + comment out plus premium support and investors
    • wikieditor codeselect newlines
    • external links and Archive_link archive.org bugfix
    • Whonix page About pagespeed research and questions to admin
    • update fonts + documentation
  • 2024-08-15
    • Pagespeed
      • Kicksecure TM symbol issue resolution
    • issue “Failed to load resource” research
    • Fontawesome
      • subset research + documentation
      • unify to new icon syntax (files + both wikis) and remove spaces
      • double loading bugfix + documentation
  • 2024-08-14
    • Evaluation + rejection of keyboard shortcuts idea for editor
    • Prevention of Firefox's hidden scrollbar behavior research + lib research (overlayscollbars, simplebar, slimbar, minibar, tinyscollbar) + implementation test + rejection documentation
    • CodeSelect new feature parameter breaklines + multiwiki + documentation + bugfixes in wikitable wrapper occuring
    • Homepages hero image Pagespeed solution documentation Homepage (/wiki/Homepage)
  • 2024-08-12
    • Vector Skin Doc Update and rewrite at 3 chapters
    • Repo files contributor editor settings documentation
    • table scrollable on desktop re-evaluation
    • Lighthouse Links without discernible name documentation
    • Editor Button upgrade discussion + implementation 50%
  • 2024-08-09
    • Lighthouse Links not crawlable problem research + bug report
    • Lighthouse id attributes error re-checked
    • Lighthouse re-check discernable links task
    • Lighthouse Whonix and Kicksecure homepages both solution for "touch targets space" problem + SVGs created as overview image previews
  • 2024-08-08
    • Lighthouse Links solution for Kicksecure and Whonix homepage and About page
    • Lighthouse error Thumbnails with link research + bug report + design fixes
    • Lighthouse Splide bug no-hack workaround Kick and Whonix homepages
  • 2024-08-07
    • Mediawiki ticket bug report regarding html not stable policy
    • Communication setup and communication with forecast researchers
  • 2024-08-06
    • Mail outreach for possible open source partner
    • Forecast research and communication

Sprint 2024-01 to 2024-02

  • 2024-02-03
    • Tor Safest Header Logo Alt text styling
    • Tor Browser tasks analysis and replies
    • Pagespeed tasks
      • expand not crawlable revisit analysis
      • mininav not crawlable research and analysis
      • source map research
      • About pages image alt fix
      • Whonix about headline order
      • Duplicated slider IDs analysis and suggestions and solution
      • Link and background colors contrast adjustments
    • lefttorightimage template and widget upgrade + documentation
    • Local Homepage tasks: remove JS and analyse random news possibility
  • 2024-02-02
    • Registered Sign style fixes mobile
    • Mediawiki selflink ticket progress analysis and suggestions
    • Unified homepage dark section colors for background and links
    • Copyright injection script
      • Exclude index.php
      • Add headlines to protected elements
      • Simplify protect node identification
      • Bugfix false-protection
      • Protection of up to 300 words from injection
      • Debug mode messages + user message
      • Testing
      • Documentation
    • Slider revision discussion
      • Reposition arrows
      • Unify colors
      • Reposition flow control
  • 2024-02-01
    • Discussion TODO
    • Homepages
      • Unified and simplified card structure on Homepage all link - heavy editing on Widget:Page_Homepage on Kicksecure and Whonix. Cards all have the same structure and basic functionality right now
      • Unified Page_Homepage.css from Whonix and Kicksecure. Put the common parts in shared Page_homepage_common.css and only specific styles on the specific CSS files. Prevent double and follow-up problems like outdated code. Also refactored code and structure for much better future usability
      • Created Snowden on Whonix wiki page
    • Sliders on Homepages
      • Simplified slider creation (less code due to unified cards)
      • Moved slide styles to Homepage
      • Make all slides links so url preview bar (bottom left in browsers) shows always link
      • Make text selectable on slides (must be done because of previous point: all slides links) and prevent triggering opening link or modal due to text marking
      • Improved Homepage styling in general and specifically sliders, unified styling (less code)
      • Unified hover transform for all slides
      • Special slider style for dark sections (auto-detect with CSS)
      • Updated Dev/mediawiki#Splide_homepage_sliders
  • 2024-01-31
    • Trademark Register fine tuning
    • headscript better page route analysis
    • hsversion cache control inserted in CSS extension use cases in Kicksecure and Whonix
      • new files for pages and templates
      • documentation
    • new AddMessageToCopiedText.js – add copyright text to all copied text on the wikis
      • excluding “protected objects”
      • Prevent Protection due to the selection starting and ending in different protected elements
  • 2024-01-30
    • Discussion TODO
    • Slider improvements
      • improved api (data-slider-type)
      • Unified the section data structure for the home pages
      • googleoff for whole slider
      • Responsive for mobile (less slides visible)
      • New type htmlcard for press cards
      • Implemented in Kicksecure and Whonix homepages
      • Documentation
      • Restyling control element icons
      • Prevent click action when text selection active
    • task discussion replace css extension
    • Homepage card sui disabler moved up, written new text and made new modal
  • 2024-01-29
    • Discussion TODO + Kicksecure system browser choice
    • Headscript avoid php errors
    • register sign more subtle
    • expand button color fix + google lighthouse metric
    • discover hidden elements extended for anchors + documentation
    • slider implementation
      • created temporary testing environment
      • Fixed a small bug in headscript regarding when the splider script is loaded (only on homepage but it was too strict)
      • styling
      • fine tuning
      • adjustment for other sections
      • multiple different click events handled
  • 2024-01-26
    • Mediawiki self-link new draft for feature request
    • GoogleOff
      • Applied to CodeSelect
      • Review of “see share button” SEO bug
    • Slider for wiki Homepages
      • splidejs docu research
      • setup and import in file system and in headscript
      • Regexp to only load library on homepages
      • homepageSliderInit.js created
      • Implementation, testing, problem analysis
      • New solution suggestions
    • cacheclear discussion
    • Reposition of editor augmentation logos due to new Mediawiki version
    • Share widget improvement: new reddit logo and markdown button
    • Broken anchor problem review and analysis
  • 2024-01-25
    • javascript-notice template fix
    • share widget
      • plain copy was made more prominent
      • "wiki" and data-project data was removed from in share texts
      • A new url templating language and parser were introduced
      • New colored share symbols were introduced, new logo for the Mediawiki share option
      • Plain copy was re-implemented as a code select line on top
      • A complete re-arragement of the elements in a new order was don
      • Description texts were added for the copy url options
      • Testing was done
      • Documentation was updated, especially in-source
    • Discussion ToDo
  • 2024-01-24
    • Register symbol review and improvement
      • Removed logo text and replace logo plus text
      • Responsive styling
    • Parsoid self-link research and suggestions
    • ChatGPT css suggestions review and analysis
    • Outreach / communication
    • Blurry gui preview image replacement
    • Evolution host SVG file with text
  • 2024-01-23
    • New Build System Multiwiki docu rewrite - Multiwiki and sub chapters
    • Review of build file changes by admin
    • Improved payviaPaypal forceSandbox
    • Improved build and deploy
    • EditorMultiwikiNotice new terminology (from documentation) implemented (publisher/subscriber instead of master/slave)
    • Docu Replacement [[Mediawiki:files]] and refilter Common.js + Common.css + #css:Mediawiki files etc
    • parsoid and mediawiki image link rendering review and documentation
    • Headline style improvement
  • 2024-01-22
    • New build system continuation
      • adjust build.json files
    • move wiki specific src files and adjust build config files
      • diff check that new build was done correctly relative to old rendered files
      • 2 repo solution analysis and suggestion
    • Paypal widget rewrite / bugfix review
    • Kicksecure logo rectangle
    • Pay via paypal sandbox mode
      • Always activated on staged server
      • Sandbox indicator widget
      • Documentation
    • Improved local deploy script
    • documentation staging server test
  • 2024-01-20
    • mw-combine rewrite completed
      • Optimizing file structure
      • Refactoring mw-combine
      • Refactoring build.json
      • in-file documentation
      • Debugging + testing + bugfixing
      • Demonstration video
      • Discussion Call
  • 2024-01-19
    • Discussion Todo
    • Created switching script to staged server config and back for local usage of contributors
    • New wiki files build system
      • git configuration + 3 repos initialized
      • files transferred from old system + completeness check
      • architecture analysis and discussion
      • resctructuring
      • bash script + mw-combine rewrite beginning

Sprint 2023-08 to 2023-09

  • 2023-09-08
    • Virtualbox installer logo
    • Illustrative images
      • Whonix-Gateway Xfce VM illustrative image
      • Whonix-Workstation Xfce illustrative image
      • Kicksecure CLI illustrative image
    • HP images
      • Stream Isolation image
      • File swap creator image
      • targeted updates image
    • Stream isolation thumbnail too big
    • Nav-menu column overflow bugfix
  • 2023-09-07
    • donor cards broken + wikitest
    • Discussion Todo
    • pagespeed fixes
    • discuss CSS hide footer items
    • Expand Collapse replace new technique + docu + tests
    • mediawiki bug report CSS/HTML changes
  • 2023-09-06
    • Pagespeed fixes
    • donation appeal page discussion
    • GrapheneOS task review
    • Mobile_Phone_Security wiki page content enhancements
    • CSS hide footer items
  • 2023-09-05
    • Mediawiki Code Editor Warnings Research
    • Server Cache Busting review
    • Google Mobile Font review
    • whonix homepage press section
    • mw-collapsible-toggle screenreader aria research
    • header hover over effect and link
    • mw-collapsible bug report
  • 2023-09-01
    • add querystring to Headscript discussion + version + hsversion
    • CSS extension cache busting discussion
    • footer - TM vs R – Kicksecure and Whonix Headline + Symbol solution
    • homepage - sequential heading levels
    • Whonix HP new player hero image + play / pause player upgrade + SVG play symbol
  • 2023-08-31
    • header nav menu hover plus link analysis
    • Header Hamburger Menu like super menu
      • Kicksecure + Whonix
      • Refactor Header code
    • icon bullet list span upgrade + tests + documentation
    • anti spam email upgrade + Template Contact icon bullet list upgrade
    • Hompages "Learn More" labels
    • TODO Discussion
  • 2023-08-30
    • toc line wrapping bugfix
    • forums link indicator wrap bugfix
    • whonix homepage video bugfix
    • anti spam email hover feaure + icons + documentation + whonix port
    • super menu closeable when clicking elsewhere + open when hover
  • 2023-08-28
    • Whonix HP VPN table bugfix
    • Kicksecure Whonix Super Menu close via X
    • Antispam Email Tooltip Whonix + Kicksecure + tests + documentation
    • Template:GoogleOff span upgrade + tests + documentation
    • Discussion Header Menus JS Hover
  • 2023-08-25
    • footer superfluous scroll bar fix
    • Header menu Kicksecure Whonix
      • new open close technique
      • menu to full size
      • icon switch to x
    • pagespeed fixes for Whonix and Kicksecure
    • Whonix vs VPN table fix research
    • tables word breaking mediawiki bugfix
  • 2023-08-24
    • Footer new version for Kicksecure and Whonix
      • Code review + refactor + testing
      • Documentation
      • Dark Mode Button Fix
      • Open Source Logos Upgrade
  • 2023-08-23
    • New Header Whonix and Kicksecure
      • Nav Menu
      • Multiwiki restructure
      • code review + refactor
      • testing + documentation
    • FontAwesome research + upgrade
    • Footer new version 20%
  • 2023-08-22
    • Whonix Forum banner color
    • Sitenotice id new solution review + tests and documentation
    • Discussion Todo
    • Header new menu structure + design + multiwiki strategy
  • 2023-08-18
    • Mediawiki old vector skin
      • Responsive code review
      • 2x bug report upgrades
    • ContentImage upgrade + tests + documentation
    • Flagged Revisions Design Bugfix
    • Mediawiki update review finalized
    • Header new version 60%
  • 2023-08-17
    • Wiki update all broken fixes (image, thumbs, thumbgallery, community support, videolink)
    • MediaWiki verison log research + diff file review
  • 2023-08-16
    • Community Support Template upgrade + tests + docu + pages
    • New feature pre[data-code]
    • Template nowrap bugfix
    • StageServerIndicator + Headscript modification + documentation
    • wikitest check after update
  • 2023-08-15
    • Expand Button different labels + tests + documentation + pages update
    • mininav image icons + tests + documentation
    • Content Review Debian install + verify signatures
    • Content text improvement verifying software signature
    • Community support template : upgrade (first iteration)
  • 2023-08-14
    • Tab Controller citation bug search + feature cite-ref + new wikitest + documentation
    • Expand Button label discussion
    • wiki syntax discussion
    • header + footer discussion
    • Whonix Kicksecure HP images review
    • Whonix HP table pagespeed fix
    • tab content controller multi line space reseved + mininav upgrade + tests + documentation
  • 2023-08-11
    • Forum links analysis + link upgrade
    • DiscoverHiddenElements new feature
    • tab content controller upgrade
    • FlyinBanner testpage upgrade
    • minimav image support analysis
  • 2023-08-10
    • Share Tooltip and headline edit better positioning and better (and more reliable) hover effect
    • Mbox task review (closed)
    • contentimage thumbnail upgrade + documentation
    • GoogleOff for footer QR area
    • too much white space after table bug fix
    • tab controller
      • height bug fix
      • linkid use case upgrade
      • feature reviews
  • 2023-08-09
    • Discussion Todo
    • Download Button new icons parameter + titles (for these icons) + tests (wikitest) + documentation
    • Whonix Forum header footer restored
    • Download page Source Code link for Kicksecure and Whonix
    • Footer Header discussion and suggestions for Kicksecure and Whonix
    • Whonix Forum nojs bug research + bugfix + bug report
    • Share widget icon upgrade
  • 2023-08-08
    • Discussion Todo
    • Re-Balanced headline visuals
    • Whonix discourse forums revert to default
    • page too long (width) bug fix (2 pages)
    • Whonix super menu mobile fix
    • Share Tooltip Button better click + new icon suggest
    • Download Button custom image feature review
    • CodeSelect spacing bug researc

Sprint 2022-07 to 2023-06

  • 2023-06-23
    • Wikitests written for all functional elements and CSS, cleanup done and reordered wikitext page
    • Upgrade share toolkit
      • Now index.php pages are correctly translated to non-index.php share links.
      • And speed improvement: before the base url calculation was done again and again for each link, now just once
    • Bugfix miniModal : hash did not work properly
    • Bugfix hashController : slightly wrong if condition corrected
    • Bugfix WikitableAutoWrapper : did not work for mobile because of small mistake. Now works
    • Small CSS Bugfix for introlike template + documentation
    • Made Pages.js multiwiki (because redundancy), introduce LocalPages.js, Introduced new wikitest JS on Pages.js
    • Cleanup for build.json
    • VideoLink template update : Indivious onion link fix and documentation for future fixes
  • 2023-06-22
    • Discussion Todo
    • Video Homographs Revision + Title image
    • Mediawiki Widget Bug Research
    • CodeSelect small bugfix (due to FontAwesome upgrade
    • Testcases
  • 2023-06-21
    • Checked and deleted non-multiwiki widgets Kicksecure and Whonix, that are not in use anymore and made the other widgets MultiWiki
    • new Template:Headline + changed all widget to template + documentation
    • Oldid bugfix Whonix
    • Review widget bug
  • 2023-06-20
    • Updated and secured (against undeclared vars) of all Multiwiki Widgets: Checkbox Bug research, Widgets: CodeSelect + DonationPanel + DownloadButton + EagerImage + FlyInNoti + Footer + Header + Headline + HtmlComment + LeftRightImageText + SitenoticeBanner + Subdomain_link + VideoLink
      • Upgraded some widgets and corrected bugs for rare case scenarios, especially in DownloadButton, FlyInNotitication, SitenoticeBanner and Subdomain_link
      • New tests for all of the on Dev/wikitest
  • 2023-06-16
    • Video Homograph review + Preview image
    • Multiwiki deploy + testing
    • Intro Template ul upgrade
    • Whonix-host intro + icon list + content images
    • Features page review
    • Bugfix Widget Headline
    • Widget:Archive error handling upgrade + wikitests
  • 2023-06-15
    • YouTube video production: Homograph attacks
  • 2023-06-14
    • Unlighthouse research report
    • Github.io version for Kicksecure and Whonix + GitHub Pages config
    • Extension:Cookiewarning feature request
  • 2023-06-13
    • Share Widget Upgrade : Hover Connector
    • Text Extracts Research + Feature request written
    • Extension:CookieWarning GoogleOff analysis
    • JS Stream Download Hash research
    • Web vitals extension research
  • 2023-06-09
    • Bugfix Tab Controller TOC interaction + documentation
    • MiniModal upgrade to Hash Controller + documentation
    • /Linux nojs white space fix
    • Edit section research + suggestion + Mediawiki Bug report
    • Upgrade headline widget integration into Tab controller for Headlines invisible to TOC + documentation
    • UPgrade Hash Controller special chars + documentation
  • 2023-06-08
    • Reserach TOC Tab Feature
    • Todo Discussion
    • Created new feature Hash controller, documentation see Dev/mediawiki#Hash_Controller
    • Tab Controller Feature : react to TOC
    • Tab Controller Feature : write to Hash
  • 2023-06-07
    • Tab Controller
      • Content Cleanup
      • Content Shift Re-Correction (navigation)
      • Upgrade of the Image syntax
      • Page adjustments with new image syntax
      • wikitest examples created
      • Documentation updated
      • Syntax upgrade on Whonix
    • Discussion ToDo
    • Phabricator ticket analysis
  • 2023-06-06
    • New Widget:EagerImage
    • Tab Controller
      • Complete upgrade of syntax, in all files Template:Tab, JS file and CSS file
        • All features were ported and new features added
      • ID feature implemented. All tabs are now links
        • works for nojs users as jump point
        • for js users opens the tab and all parent tabs and scroll to position
      • Replaced all old syntaxes on Kicksecure with new syntax: old Template-syntax and <div class="tab-content-controller"></div>
  • 2023-06-02
    • Tab Controller
      • Image Content Shift Discussion
      • Image Preload via Javascript
      • General discussion
      • Code Refactoring
      • Reimagining + Documentation
  • 2023-06-01
    • new widget Widget:Headline + documentation
    • TabContentController
      • nojs upgrade
        • searchAndReplace all occurrences of Template:Tab on Kicksecure and Whonix
        • documentation
        • New wiktests
      • id upgrade for nojs + documentation
  • 2023-05-31
    • Phabricator review updates
    • Font-Awesome FA6 CodeSelect Adaptation
    • Discussion Tab Controller Content Shift
    • Chromium Scroll shift bug discussion
    • Outreach text written
    • webpagetest review, research and tests
    • Discussion Todo
  • 2023-05-30
    • Blockquote overlap bugfix
    • TOC weird look Firefox bugfix
    • Quotation in table bugfix → in reality: table auto wrapper padding bugfix
    • Phabricator research and answer
    • Sitenotice active parameter upgrade + documentation
    • Banner styling in general and banner001
    • Micro Content Shift Chromium Bug research
    • font awesome direct style for header super menu
  • 2023-05-24
    • Content Shift Fix Virtualbox + Donate
    • PayViaPaypal content shift prevention + Nojs Improvement
    • Chrome reload shift bug report
    • Font Awesome upgrade
    • Banners documentation upgrade
  • 2023-05-23
    • Blockquote normal style + special style + documentation
    • Content shift prevention
      • CodeSelect image content button
      • CodeSelect target feature styling + helper div styling + prism styling
      • ShareTooltip
      • Auto table wrapper
      • Small fixes for special pages
  • 2023-05-22
    • Mediawiki template parser bug answer refinement
  • 2023-05-20
    • Quotation new Cases + Tests
    • MediaWiki list parser bug research + documentation
    • new template ContentImage + documentation
    • Header design fix for over-wide pages
    • Content shift design fixes for mw-collapsible and tabContentController
  • 2023-05-19
    • Discussion Todo
    • Content Shift research + CodeSelect content shift prevention
    • Blockquote improvements
    • Quotation Template + documentation
    • Developer documentation about html templates, specifically Mediawiki parser bug avoidance
    • MediaWiki bug report about html templates inside lists
    • Contributor Template bugfix + wikitable-auto-wrapper upgrade
  • 2023-05-13
    • Blockquote margin improvement
    • JSHint analysis + improvements + documentation + other tools
    • new blockquote design
  • 2023-05-12
    • Discussion Todo and usage of the noinclude tag
    • Table overlength vertical content shift prevention
    • Share Modal vertical content shift prevention
    • check integrity of user downloaded files research
  • 2023-05-10
    • TOC mobile overwidth CSS fix
    • Excluded header and footer from search engines
    • new feature ThumbGallery + documentation
    • Scroll table research + discussion + desktop version modification
  • 2023-05-09
    • Todo Discussion
    • Bug reports review + improvement
    • table over-width research + new feat wikitableAutoWrapper + documentation + replace scroll-table Kicksecure + Whonix
  • 2023-05-06
    • Form element labels pagespeed bug report preparation
    • Open Graph Research
    • FlyinNotification updated and moved to footer
    • GoogleOff upgrade
    • Mediawiki image link "selflink" bug report preparation
    • Collapsible elements research
    • async defer research and tests
    • critical css reseach tests
  • 2023-05-05
    • Download Choice on homepage improvements
    • Mediawiki bugs reviews and reports written
    • Todo Discussion
    • Browser ddos vulnerabilities report written
    • mininav image link problem research / analysis
    • Header super menu mobile position bugfix
  • 2023-05-02
    • "Layout was forced ..." error message research
  • 2023-04-29
    • Outreach texts written + planning + scheduling
    • Homepage Download improvements + mobile
    • Template Virtualbox improved
  • 2023-04-28
    • Code link css
    • Cookie samesite research + implementation
    • thumb lazy load bugfix
    • Mobile hidden scrollbar research + fix
    • Discussion Todo
  • 2023-04-25
    • Tab Controller Template + Replace + documentation
    • Funding strategy discussion
    • Small mobile design tasks
    • Cookie discussion + move to JS cookie multiwiki + documentation
    • Video Script rewrite
  • 2023-04-22
    • Homograph attack video script rewrite
    • $.cookie to mw.cookie research and replace toclevelswitcher + flyinnotification + sitenotice + debugviaurlmodal
    • tab-content-controller new feature linked controllers + documentation updated
  • 2023-04-21
    • Discussion Todo
    • Video short screenshots final production
      • Thumbnail design
      • Tweet preparation
      • Research Youtube shorts thumbnail rules
  • 2023-04-19
    • Windows Installer Dev Coop
    • YT shorts rules research
    • Video screenshots rewrite 30% less text (to fit shorts criteria)
    • Video Homograph rewrite
    • Video short about Screenshots production
  • 2023-04-18
    • Whonix Windows Installer Design analysis + suggestions + Call
    • Mediawiki Testers Version If-Clause
    • Multiwiki-Deploy + Testing
    • code-box fixes
    • thumbnail fixes mobile
    • /wiki/Download upgrade + homepage
  • 2023-04-14
    • Mw-collapsible patch review
    • tab content controller white border style + dark class + new function data-tcc-url + documentation
    • Discussion Todo
    • Linux on Kick + multiwiki
    • mininav upgrade mn-dark + documentation
    • icon bullet list comma bugfix
  • 2023-04-12
    • Template Upstream Wiki upgrade
    • improved template Archive Link
    • Self Support First Policy Page + Template
    • Upgrade Mbox template
    • New template: introlike
  • 2023-04-11
    • FlyInNotification mobile links + dark mode close
    • Thumb bugfixes
    • VideoLink Widget upgrade
    • Virtualbox Templates + Redirect + ReplaceLinks
    • flatpak-install page fix
  • 2023-04-06
    • Marketing strategy suggestions
    • flyinnotification bug review + little design improvement + headline link
    • Video link template
    • Virtualbox CLI and Xfce unification
    • Flatpak install unification
  • 2023-04-05
    • Self Support First Policy suggestions
    • Donation strategy analysis
  • 2023-04-04
    • Discussion ToDo
    • Video short url impersonation punycode script
    • Video short mistrust screenshots script
    • flyinbanner link + documentation
    • thumb improvements
    • Pull request helper-scripts
    • Suggestions for "Free Tools marketing strategy"
  • 2023-04-01
    • Todo updated
    • grep-find-unicode-wrapper new version as scan-text-file
    • Unicode dangerous characters research
    • Video hidden attacks revisions + video description
  • 2023-03-31
    • FlyInNotification mobile small version
    • Bug report answer Collapsible Elements
    • Video Hidden Text Attacks production + title image
    • Thumbs double border improvements
  • 2023-03-29
    • Video Hidden Text Attacks production
  • 2023-03-28
    • Whonix wiki/Linux content fix
    • Pagespeed improvements
      • Headline research
      • Research “Links are not crawlable”
      • Total blocking time research and testing
  • 2023-03-25
    • Donate pages improvements text image design
    • Content fix Whonix Linux installer page
    • Discussion ToDo
    • PayviaPaypal change amount on interval change
    • "Time to Interactive" performance research
    • Software pitch
  • 2023-03-24
    • PayViaPaypal upgrades usability, simple design
    • FlyinNotification upgrades functionality, design, smallery file size
    • Strategy discussion
  • 2023-03-22
    • mwcombine source maps + uglify syntax + documentation
    • Discussion ToDo
    • PayViaPaypal redesign (guardian) + cleanup
  • 2023-03-21
    • Video Kicksecure 001 script
    • Cookie warning bug analysis
    • Pagespeed optimizations
    • mwcombine error output + add source map for custom js
  • 2023-03-15
    • Discussion Todo
    • Image optimization SVG and hero + analysis
    • Improved Whonix Linux installer page
    • Repo web interface research
  • 2023-03-14
    • Instantpage documentation
    • purge extension and fork analysis
    • Donors page thumbnail
    • multipart email thunderbird research
    • Discussion instantpage and multipart email
  • 2023-03-11
    • Discussion Todo
    • mw-combine upgrade feature justcopy + refactoring + documentation
    • DonorCard.css upgrade + DonorTestpage link threshold correction (only s and higher examples)
    • Integration and testing instantpage.js
    • Headscript refactoring
    • Thumbs design fix for gallery thumbs
  • 2023-03-10
    • Design fixed KS Trust page + Whonix HP
    • Discussion ToDo
    • BackToTopButton mobile fadeout
    • Responsive Thumbnails + docu
    • Source map research
  • 2023-03-08
    • Discussion Todo, DonorCard etc
    • Donor cards feature + design upgrade + documentation update
    • Donors and Testpage Donors texts
    • Template intro thumbnail fixes + notpageimage research
    • Content attribution, Design improvements
    • Extension:Popup reference preview research and suggestions
  • 2023-03-07
    • Bugfix PayViaPayPal + upgrade design
    • Research image thumb generation mediawiki
    • Template:intro CSS Firefox fix + upgrade hidden thumbnail thumb parameter + documentation Dev/mediawiki#Intro_paragraph
    • Donors Wiki page related tasks
  • 2023-03-03
    • Bugfix Kicksecure homepage overview-image
    • Bugfix newline bug in HeaderMultiWiki
    • Sitenotice close button upgrade optically and functionally
    • Check image quality
    • PagePreview / TextExtracts bugfix on some pages
    • Template:intro upgrade + documentation
    • Fontawesome preloading
    • Donor Page card design
  • 2023-03-01
    • Banner bigger close + cookie bugfix
    • Discussion CSS optimization and CSS extension
    • Banner rewrite with new method and documentation
    • Multiwiki deploy and testing
  • 2023-02-28
    • Image optimization + metatag Research + new helper program
    • Codeselect upgrade optional img lazy load + docu
    • extension:pagePreviews broken fixes
    • intro template and css upgrade
  • 2023-02-27
    • Discussion ToDo
    • ShareTooltip regexp-bugfix + new mediawiki share logo
    • Textextracts extension research
    • Footer fixing
    • Reduce warnings of w3c validator
    • Banner slim variants
    • short debugging discussion mw-combine error
  • 2023-02-22
    • Bugfix for mobile back button broken
    • Bugfix fors Anchors missing
    • Discussion Todo
    • Fixed Kicksecure Badge svg file
    • Banner dev wanted for Kicksecure was created
    • New banners were uploaded and installed
  • 2023-02-15
    • Creation of 5 banners
    • Discussion donor recognition
  • 2023-02-14
    • MiniModal upgrade all modals close on back button + documentation
    • MwCombineWrapper refactoring
    • Whonix Kicksecure HP minor fixes
    • optimized SVG versions for some logo images
    • coming soon sign
  • 2023-02-13
    • Discussion ToDo
    • PageHomepage
      • Modals share anchors introduced
      • Text can now again be marked and individually copied
      • Highlighting of selected card via url hash + extending hidden areas if needed + open modal if available + back button can be used to return from modal
      • CSS reduction + Firefox fixes
      • MiniModal upgrades + documentation Dev/mediawiki#Mini_Modal
  • 2023-02-06
    • Discussion ToDo
    • CodeSelect highlight language extension variable externalization
    • Minify JS-HTML suggestion
    • mw-combine sanity test and conditional folder creation for src-copy + documentation
    • forums year end banner repair
    • Page editing via header super menu oldid fix
    • Removed nojs.css mentions and updated documentation
    • fonts.css relevance checked and deleted on all wikis
    • multi-wiki-deploy, tests and small bugfixes
  • 2023-02-04
    • CodeSelect Highlight upgrades: less code, better usage, bugfix + documentation
    • Optimization mw-combine: better naming, spacing, formatting, usage
  • 2023-02-03
    • Discussion Todo highlight / prism, discussion strategy
    • Replaced highlight-js with prism-js for CodeSelect + new tests on Testpage + feature target highlight + prevent highlight for CodeSelect icon form for speed optimization
    • Nojs.css deleted and purged from build.json + styles moved to other style files (closer to nojs styles
    • mw-combine improved: folder sanity check, array check for build.json categories
  • 2023-02-02
    • Discussion Todo
    • Research highlight js libs, removed Highligh extension, installation of highlight.js
    • CodeSelect integration of deferred highlight.js + new Feature "lang" to control highlight language or set to auto / none
    • CodeSelect examples were created Testpage1
    • CodeSelect documentation was updated Dev/mediawiki#CodeSelect
  • 2023-01-31
    • Code review for link-to-archive
    • CodeSelect review research + rewrites + new feature "target" + nojs adjustments + template lang research + documentation
  • 2023-01-27
    • push to the mediawiki-extensions-CookieToBodyClass git repository
    • headscript fail open investigation, research, testing
    • New Feature SiteNotice replacement for DismissableSitenotice + documentation Dev/mediawiki#SiteNotice_Donation_Banner
  • 2023-01-26
    • Tor Browser noscript optical bug fix + documentation
    • Hide banners cleanup
    • New Mediawiki Extension CookieToBodyClass + documentation
  • 2023-01-25
    • Header Donate designfix
    • Login image bug and localWiki option concept
    • Reproduce attempt for wide resolution bug
    • Simplify hide_all_banners + documentation
    • Discussion ToDo
    • Whonix outreach communication
    • Kicksecure vector text convert to path
    • About / FAQ mininav unification
    • Mediawiki extension research
  • 2023-01-24
    • Todo discussion
    • Footer QR Modal empty img to JS + Testing
    • Header Refinement images + multiwiki deploy
    • Homepages shaking hands bugfix
    • main mw-combine js defer
    • fontawesome experiments and research
  • 2023-01-23
    • Kicksecure and Whonix homepage and footer image optimization including link rewrites to thumbs, lazy loading async decoding and re-uploads of images which are too small. Also documentation: Dev/website#Images.2C_Files_and_usage_of_thumb and some style upgrades
    • Kicksecure Header mobile bugfix
    • Mobile bars logo for Kicksecure and Whonix headers. Also 4 main images in header given width and height
  • 2023-01-21
    • Installation wiki on local Kicksecure VM
    • Documentation
    • Mediawiki thumb research
  • 2023-01-20
    • Another test and testing with google pagespeed and gtmetrix + documentation
    • Documentation about deferrable js scripts
    • new feature: pageRefToLinks + documentation,
    • Whonix and Kicksecure HP replace background images with images (for good page metrics)
    • multiwiki-deploy and review
  • 2023-01-19
    • Principle research on mediawiki extensions and review of DismissableSitenotice extension
    • Installation local wiki vm und and ssh keygen
    • Scrollindicator desktop fix + documentation
    • loading eager lazy research with admnin
    • Created multiple test cases for loading with google pagespeed under /test
  • 2022-12-28
    • end-of-year donation banner fix
    • broken PayPal donate button investigation
  • 2022-12-22
    • srcset discussion
    • Whonix homepage replace all background images with foreground + give alt attributes
    • Kicksecure homepage last images from background to foreground
    • srcset sizes research
    • full local file CSS JS documentation
  • 2022-12-21
    • Deactivation and replacement of Bootstrap on Kicksecure and Whonix
    • upgrade MiniModal (retain dom events in content, esp. for CodeSelect)
    • Sitenotice exclude from search
    • Duplicate footer fixed
    • Kicksecure homepage head area + no background images + alt attributes
  • 2022-12-20
    • Discussion page speed
    • Search engine bots no index for functional components
    • Kicksecure homepage: logo as svg + overview image preload blur
    • Whonix homepage slogan and call to action + overview image preview blur
    • mediawiki common.js event alternative
  • 2022-12-19
    • Research Blurhash srcset
    • Mediawiki new version CSS and JS fixes: Search + Editor Fullscreen + all pages, nocache cookie, reduced dependencies
    • SVGs for Kicksecure logos
    • Research hiding repetetive text parts from search bots
    • DebugViaUrlModal upgrades
  • 2022-12-09
    • Outreach thank you mail HTML and mail body + send security discussion
  • 2022-12-08
    • Discussion thank you message
    • Research Multipart-Mime Emails Research + Discussion + Technology outline
    • Outreach thank you mail template
  • 2022-12-07
    • Whonix Exposé 100%
    • Outreach communication
    • ShareTooltip Markdown bugfix
    • Thank you message research
  • 2022-12-06
    • Video via nginx discussion
    • research combine CSS/JS or not
    • CSS column bugfix
    • Real World attacks page
    • Whonix Exposé 60%
  • 2022-12-05
    • Prevent Enhance Headlines feature + Template + documentation
    • HTML5 video on demand HLS DASH etc discussion
    • Preloading fonts in Headscript
    • HTML5 video play (speed) bug fix
    • Templates tcc bug examination
    • Page_homepage.css loading discussion
  • 2022-12-02
    • Whonix Youtube channel go live
    • strategy discussion
    • Footer Youtube and Invidious buttons
    • Whonix Homepage Play button
  • 2022-12-01
    • Whonix outreach communication
    • Whonix 003 Video final render
  • 2022-11-30
    • Whonix 003 Video review + improvements + title image
    • Whonix outreach communication
    • deep exif and ffprobe checks for all videos
    • Kicksecure welcome page all resolutions
    • HTML5-Video research
    • Strategy discussion
    • created Bitchute channel
  • 2022-11-29
    • Whonix 003 Video Cut 100%
  • 2022-11-28
    • Tab Controller new Feature nested tabs
    • Outreach artist reviews and communication
    • Elementary IO compare HP search for our own communication improvements
    • Outreach strategy discussion
    • Page speed analysis and improvement suggestions
    • Outreach video pre-production
  • 2022-11-25
    • Odysee and Rumble accounts created
    • Footer improvement discussion
    • ShareTooltip alt attr improvements
    • outreach video script upgrade and discussion
    • Whonix outreach communication
    • Replace vm and host live mode links
    • Analysed Whonix Host page
  • 2022-11-24
    • Bugfix EOY donation banner contentforSlideserror + refactoring + deploy to Kicksecure and Whonix
    • Whonix outreach communication
    • Bugfix: Kicksecure Welcome page long screen bug + Whonix checkup for bug (no problems) + newest version EOY donation banner + close button bugfix
    • Whonix Forum Post count CSS fix
    • Kicksecure + Whonix Donate pages now MultiWiki
    • Share Tooltip Selector Bugfix
  • 2022-11-23
    • Whonix outreach communication
    • Forums End of year banner + onion compatible + tor testing
    • HTML/CSS validate errors fixed (there was a W3C error)
    • Whonix Forum Search bar Support Link via JS
    • Sitenotice Speedup Kicksecure + Whonix + performance test + documentation
    • Dispora link for Whonix footer
    • Whonix Live Mode page 50%
  • 2022-11-22
    • Forums CORS Research together with admin
    • mw-combine now copies the src files to "src-copy" folder too for different use cases
    • Whonix forum: mixed content error research
    • archive link selector bugfix
    • Forum end of year banner 50%
    • wiki end of year banner performance testing
    • Whonix welcome page static HTML end of year banner
    • Wiki End of year banner Page speed-up research
  • 2022-11-18
    • Local Browser HP
      • Play button bugfix
      • Payment-links fix
      • Tor Research solution attempts
      • Fix cookie by using localstorage
      • jquery depedency from debian package
      • Documentation
  • 2022-11-17
    • Mediaviewer CSS fix
    • Preparation Whonix Live page
  • 2022-11-16
    • EndOfYear for local welcome pages 100%
      • deploy to Whonix and Kicksecure
      • Date limit, not shown after 2022-12-31
      • Move whonix local welcome page endofyear library source to kicksecure local welcome page
      • Dismiss close animation
      • documentation Dev/mediawiki#SiteNotice_End_Of_Year_Banner
    • Whonix outreach communication
  • 2022-11-15
    • Whonix outreach communication
    • EndOfYear finalization, smooth fadeIn, customizable title, nojs, deployed to Wikis
    • Changed Whonix forums search text
    • Changed Whonix and Kicksecure navigation
    • EndOfYear for Kicksecure local HP 30%
  • 2022-11-14
    • Whonix Forum Archive symbol fix
    • EndOfYear crypto-adresses, donate-button-mobile, cookie for dismissing, make it param-generic, content shift prevention, tests and preparation to deploy to forums
  • 2022-11-12
    • Grub-live and USB_installation pages improvements
    • EndOfYear Banner 95%
    • PayViaPaypal as jQueryExtention
    • Whonix forums topics mobile design bugfix
    • Donate page panel mobile + learn more
  • 2022-11-11
    • Whonix outreach + donations discussion
    • EndOfYear Banner 30%
  • 2022-11-10
    • Kicksecure Live_Mode page creation 100% done
    • fontsize CSS helper classes + documentation
    • Grub-live page revision 100% done
    • Template:live navigation update and redirects from former VM_Live_Mode and Host_Live_Mode pages
    • Kicksecure USB_Installation page review 100%
  • 2022-11-09
    • Discussion LiveMode and Marketing
    • Kicksecure new Live Mode page 30%
  • 2022-11-08
    • Whonix outreach communication
    • Possible shop research and discussion
    • Kicksecure GUI images
    • Discourse No Jump + Mobile fixes + documentation
    • Live Mode content review
  • 2022-11-07
    • Encrypted Support v1.1 deploy attemps
    • Kicksecure Logo Telegram fix
    • Discourse forums documentation
    • Discourse forums footer + research
  • 2022-11-03
    • Kicksecure Forum new images + new categoris
    • Kicksecure and Whonix forums legal banner
    • Kicksecure and Whonix forums Nojs research and solution
    • Encrypted support v1.1 - 20%
  • 2022-11-02
    • Virtualbox transfer to Whonix
    • Forum improvements for Kicksecure and Whonix
    • new Whonix forum category images
    • Kicksecure logo re-imagining suggestions
  • 2022-11-01
    • Hidden text danger demonstration Nojs fix
    • VirtualBox page improvements
    • Content discussions and improvements
    • VirtualBox page improvements
    • General print version improvements of Whonix and Kicksecure
    • mw-combine improvements
    • Newsletter research
    • Whonix outreach voice actor research
  • 2022-10-31
    • Whonix FAQ improvements, analysis of texts and rewrites
  • 2022-10-28
    • Integration of Whonix new tor explainer images
    • Kicksecure Livemode promo image + HP integration
    • Whonix About page improvements
    • LeftRightImage Feature promo style
    • LeftRightImage Feature imagelink + documentation
    • mw-multi-wiki deploy
    • Content and examples for Shell
  • 2022-10-27
    • Kicksecure internal welcome page image attribution
    • skin pref admin documentation
    • hide-all-banners noscript research
    • CodeSelect insert-html-mode feature, see Dev/mediawiki#CodeSelect
    • Whonix new tor explainer images
  • 2022-10-26
    • Kicksecure internal welcome page + CC search
    • set-up of git repositories (especially new dark mode fork)
  • 2022-10-25
    • Dark Mode Firefox and Tor Browser research and suggestions
    • Virtualbox and Whonix testing on Ubuntu
    • Stage Server discussion
    • Git deploy call
    • Dark Mode Extension Fork + documentation Dev/mediawiki#Extension_Dark_Mode_.28Fork.29
  • 2022-10-24
    • Multiwiki/LocalWiki refactoring + documentation
    • EditorMultiwikiNotice new + onion feature + documentation see Dev/mediawiki#EditorMultiwikiNotice
    • Whonix wiki old mw-combine quickfix, later revert to stable
    • Whonix outreach campaign communication
  • 2022-10-23
    • Sitenotice mobile scaling bugfix
    • Multiwiki/LocalWiki refactoring + documentation
  • 2022-10-21
    • ShareToolTip markdown/phpbb anchor upgrades bugfixes testing documentation
    • Custom footer research + overlay fix
    • Footer Randomnews replacement
    • Dark mode button for custom footer
    • CSS fixes for editorautobackup
    • Multiwiki deploy of new features to Whonix and testing
  • 2022-10-20
    • ShareToolTip upgrade + Clipboard options
    • Dark Mode bugfix research + fix
    • Footer overlays important review tools research and solution suggestions
    • Whonix outreach campaign communication
  • 2022-10-14
    • Kicksecure + Whonix 2 new HP features
    • SiteNotice Layout Shift research and suggestion
    • Performance Tests Page PerformanceTests created
    • 2 JS Performance fns created in JsPerformanceTests.jsarchive.org
  • 2022-10-13
    • Kicksecure homepage updated like Whonix HP (structure, css, fns, content)
    • added Kicksecure HP Features
    • changed Kicksecure HP cumulative changed metric from 0.24 → 0.02 by predictable image sizes
    • seo images research
  • 2022-10-12
    • ShareTooltip new Sharing Options
    • Whonix HP content shift reduction and speed optimizations
    • Kicksecure HP Features + Upgrade 50%
  • 2022-10-10
    • Review outreach storyboard and corrections
    • new landing page feature cards
    • mw-combine more dontload options
    • landing page pagespeed optimizations
  • 2022-10-09
    • Meeting pagespeed analysis and optimization + documentation
  • 2022-10-08
    • Headline Bug (hidden behind padding)
    • gtmetrix / pagespeed analysis – performance test strategy
    • new image for everything Tor
  • 2022-10-07
    • ShareTooltip upgrade as jQuery Extension
    • CodeSelect upgrade as jQuery Extension
    • Creation EnhanceHeadlines
    • Deployment to Kicksecure and Whonix
    • Testing
    • Documentation
    • Homepage new features cards and images
  • 2022-10-01
    • realization contractor communication, negotiation and clarification
  • 2022-09-30
    • Script 003 outreach improvements and realization contractor research and communication
  • 2022-09-29
    • Script 003 outreach preproduction: storyboard (incl. texts, images, restructuring)
  • 2022-09-28
    • Shortened rewrite Script 003 outreach
    • discussion privacy first mobile operating systems
    • small bugfix leftRightImage
  • 2022-09-23
    • Script 003 outreach
    • Whonix installation and virtualbox testing
    • documentation
  • 2022-09-22
    • ShareTooltip further upgrades and finalization
    • user group promo texts and images collage
  • 2022-09-21
    • outreach artwork finalization
    • ShareTooltip, bugfix, documentation and deployment
  • 2022-09-20
    • ShareTooltip upgrades and revisions
    • outreach artwork reviews
  • 2022-09-19
    • Introduction of ShareTooltip component
    • work on social media strategy
  • 2022-09-16
    • User Groups concept images
    • coordination with artist
    • Homepage new image Linux account separation research
    • Homepage tooltip upgrade
    • Homepage link symbol repositioning
  • 2022-09-13
    • Homepage clickable boxes logos
    • Homepage apps Section alignment
    • improved intro paragraph
  • 2022-09-12
    • Download page optimization
    • video content script and review
    • new feature Left-Right Image Text
  • 2022-09-09
    • video content script
    • video content banner
  • 2022-09-08
    • video content logo, setup, texts
  • 2022-09-07
    • bugfix Modal Search
    • bugfix EditorSave
    • video content production
  • 2022-09-06
    • new promo images
    • MiniModal vertical cut fix
    • video content production
  • 2022-09-02
    • Homepage fixes
    • new promo images
  • 2022-09-01
    • Homepage content review
    • new promo images
    • improved modals
    • mobile fix for section press
  • 2022-08-30
    • Improved Whonix Homepage
    • Improved images
    • Improved Whonix Main_Page
  • 2022-08-29
    • new tool Icon-Bullet-List widget, CSS and documentation
    • new CSS feature Color Schemes + documentation
    • new feature vspacer
    • improved Download Button onion link
    • Fixed hidden banner issue
  • 2022-08-25
    • Whonix content production
  • 2022-08-24
    • Whonix content production
    • table icon improvements: Whonix comparison with VPNs
  • 2022-08-23
    • New tool: info-tooltip
    • added new nojs-classes
    • new Pages.jsarchive.org
    • table improvements: Whonix comparison with VPNs
  • 2022-08-22
    • Whonix webpage improvement, table Whonix comparison with VPNs
  • 2022-08-20
    • Whonix content production
  • 2022-08-18
    • Whonix content production
  • 2022-08-17
    • Content Review
    • improved https://www.whonix.org/wiki/Contributearchive.org
    • Mininav upgrade for external links
    • reverted Download-Button back to widget
    • converted Responsive Thumbnail into template
    • created intro paragraph design class
  • 2022-08-16
    • Content Review
  • 2022-08-15
    • CSS and JS validation and review with linters
    • reviewed and changed mobile.js
    • improved hide-enlarge
  • 2022-08-05
    • Improvement on Whonix Homepage
  • 2022-08-04
    • Javascript Dom Timing bug research
    • Mediawiki Newline Bug research and report
  • 2022-08-03
    • Improved mw-combine allow comments in build.js and docu
    • changed from Widget to Template Download-button
    • Kicksecure HP mobile fixes
    • TOC level switcher upgrade
    • MediaWiki newline bug research
    • small Headscript content upgrades
  • 2022-08-02
    • Fix Sitenotice only visible on pages with localSkin
    • small Homepage fix
    • Thumbnails fix
    • Deploy Fixing
    • CSS Refactoring
    • Headscript content upgraded
  • 2022-08-01
    • HeadScript Upgrade nojs.css
    • headscript-upgrade nojs.css
    • Template Header minified
    • CSS Extension review
    • Kicksecure Footer fix
    • Documentation of new include concept
  • 2022-07-30
    • HeadScript Upgrade mw-autogen
    • mw-combine.php
    • headscript-content.php
    • refactored existing JS files
  • 2022-07-29
    • Javascript research and development of new include concept with autogenerated JS and CSS
  • 2022-07-25
    • MultiWiki refactoring
    • info-box improvement thumbs
  • 2022-07-22
    • Fix Vector 22 search mobile
    • MultiWiki Restructure plan and Doc
    • MiniModal Navi Fix
    • EditorAutoBackup V2 plan
  • 2022-07-21
    • Docu Flagged Revisions
    • Research, analysis, docu for skins
    • Fix search for Vector 2022 skin
    • Fix burger menu for Vector 2022 skin
  • 2022-07-18
    • restructuring of Dev/mediawiki finalization
    • new module MiniModal
    • new module EditorAutoBackup
  • 2022-07-16
    • Research regarding wgCanonicalNamespace
    • restructuring of Dev/mediawiki
  • 2022-07-15
    • Whonix BIMI Logo SVG fix
    • FlyInNotification converted to MultiWiki
    • General MultiWiki conversion
  • 2022-07-13
    • Continued and finished work on homepage.
  • 2022-07-12
    • og:image on all pages
    • image for chroot
    • fixed Kicksecure Text Logo
    • improved Download, Donate
    • Kicksecure BIMI Logo SVG created
    • improved Header and Header Menu
    • created homepage and style first and second section

Sprint 2021-12 to 2022-03

  • 2022-03-23
    • Tried to separate data of FlyInNotification.jsarchive.org into separate JSON file. Failed because of insufficient Mediawiki Javascript content and data access API
  • 2022-03-19
    • Kicksecure new logo finalization
    • data export to Kicksecure
  • 2022-03-18
    • Kicksecure logo new design
  • 2022-03-17
    • Welcome page finalization
    • new improved version of Whonix concept image
  • 2022-03-16
    • Redesign Welcome page part 1
    • FlyInNotification improvements
    • Upgrade of Template:Box
  • 2022-03-15
    • FlyInNotification finalization
    • predictable column break classes für 3-column areas
  • 2022-03-10
    • creation of module FlyInNotification
  • 2022-03-09
    • Redesign of Homepage amendments
  • 2022-03-07
    • Redesign of Homepage finalization and made responsive
  • 2022-03-05
    • Redesign of Homepage part 2
  • 2022-03-04
    • Redesign of Homepage part 1
  • 2022-03-03
    • DownloadButton now responsive
    • NoJS version of ExpandAll
    • Mobile scrollbars
  • 2022-02-26
  • 2022-02-24
    • images (.thumb, .thumbinner) made responsive, examples see Warning
    • Donation panel, mininav, EUR page improvements
    • Download_Button redirect feature
  • 2022-02-23
    • Improved donation panel: Payment links, design
    • Improved our Extension:CSS fork, alternative inclusion method for local CSS
    • further new Vector skin fixes: min-width
  • 2022-02-22
    • new Vector skin activated, resulting problems fixed
    • 10 year banner: close improved, scaling for mobile
  • 2022-02-21
    • 10 year banner created
    • SiteNotice improvements and fixes
    • Php Notice Undefined Index fixes
  • 2022-02-11
    • donation panel Nojs solution
    • donation panel realization and images for other payments
  • 2022-02-10
    • improved FullScreenEditor for CodeMirror
    • improved donation panel
  • 2022-02-08
    • donation panel crypto section finished
    • donation panel paypal section design finished
  • 2022-02-07
    • development start of donation panel
    • creation of original QR logo
  • 2022-02-05
    • improved Header overlap: no found occurrences anymore. Plus documentation: Dev/mediawiki#Fixed_Header_Overlap_for_anchors
    • improved Mininav style when item stack and for smaller displays
    • research and documentation about DismissableSitenotice
    • research and documentation about GDPR CookieWarning
  • 2022-02-04
    • SiteNotices beautified, enhanced via JS and documented
    • Footnotes Newline in the normal html way again, <br> for newline
    • BackToTopButton documentation
    • Mediawiki notifications (e. g. "Your edit was saved") beautified for whonix theme and placed visibly below header
  • 2022-02-03
    • SaveAndContinue-Button: Modal improvement
    • Back to Top Button introduced
    • Rejected: Scrollable Table Bugfix - this is a result of the table being hidden in an invisible element, so not a bug. If the table is hidden is has no dimension and so it cannot "know" if its content is oversize
    • Footnotes always respect newlines setting and discussion (later reverted)
    • Widget:Download_Button: responsive for small displays (under 450px)
  • 2022-02-02
    • mini navigation (buttons on top of some pages) visually enhanced
    • wiki edit preview our-footer overlaps save bar bugfix
    • Archive_link: explained wrong "|onion={{QubesOS_onion}}" vs correct use "|onion=http://{{QubesOS_onion}}"
  • 2022-01-31
    • RandomNews for footer shortened and improved
    • TOC hide/show improved
  • 2022-01-20
    • tables oversize solution introduced, also for mobile swipe indicator for oversize
    • Download Page, supported icons improved
  • 2022-01-19
    • improvements for mediawiki search
    • new mono font introduced
    • pre alternative for special cases introduced
    • table of contents jump paddings corrected
  • 2022-01-18
    • improved styles for tables, lists, blockquotes, pre, code etc
  • 2022-01-17
    • codeSelect Bugfixes and style improvements
  • 2022-01-15
    • Development of Extension:CSS fork with new functionality
    • Header improved for JS users
  • 2022-01-14
    • Header overlapping jump targets fixed
    • Vector Skin remove external link symbols
    • Editor Fullscreen Feature for editor added
    • Header made responsive down to 370px and optimized for mobile usability
    • CodeSelect Nojs style fix + new parameter inline so multiple instances can be combined in one line --target virtualbox , --target qcow2 , and --target raw
  • 2022-01-13: Completely new Header developed and installed
    • Header is inserted as a Template and fixed to top
    • Header features like the header form 2022-01-09
    • Completely Nojs and Mobile friendly
  • 2022-01-11: SaveAndContinue-Button: New JS-Feature for faster Development
  • 2022-01-10: Creation of BodyScript2 Mediawiki Extension
  • 2022-01-09: New Header developed
    • Restructuring via Sidebar
    • unifying all menus in one supermenu
    • replacement of donate button
    • Main Logo links to whonix.org
    • nice hover effects
    • Search in modal instead of box (for js users, else go to search page)
  • 2022-01-08: Nojs.css incorporated - styles exclusively for Nojs visitors
  • 2022-01-06: New footer incorporated
    • new Style, better layout and ordering
    • Bootstrap modals for content
    • engaging action buttons
    • Integration of whonix news
  • 2022-01-03: Crypto address templates unified and Crypto address images unified
  • 2021-12-31: Footer RandomNews. Solution: RandomNews template was not available in Footer2 widget (because: widget), so RandomNews was called in Footer2-Template. In template it is hidden by CSS and the whonix random news section in footer is filled with generic text. If JS is available RandomNews are moved to Footer (true HTML widget area)
  • 2021-12-31: CodeSelect Improvements, Refinements #3. Green color and check mark if copy is clicked
  • 2021-12-30: CodeSelect Improvements
    • after clicking the copy symbol, the copy symbol changes into a green checkmark, later changes back
    • CodeSelect can be called as a template but also simply by
      <div class="code-select">code</div>
      - essential for usage in Widgets
  • 2021-12-29: Footer subdomain fixes by protocol and apex domain for forums subdomain (whonix.org and .onion)
  • 2021-12-28: Footer redesigned
  • 2021-12-23: CodeSelect further improved: less white space, more compact, better nojs-version, better js-animation
  • 2021-12-23: Combi task: External Links / Template + Widget Archive-Link
    • Improved Mediawiki Extension "Link to archive"
      • differentiate automatically between normal link, onion-link and link to web.archive.org
      • Show logos instead of long "[archive]" text
      • logo / title attribute / logo link href according to linked url: normal → archive symbol + archive link / onion → onion logo and onion link / archive link → archive logo and same link
    • Template Template:Archive_link and Widget:Archive_link and Archive_link.cssarchive.org created: Similar to "Link to archive", but you can choose if you want an archive link, onion link or both
  • 2021-12-21: Whonix Logo Format: discussed: jpeg and png specific use cases. And logo-text and logo delivered without padding
  • 2021-12-21: Whonix Logo finished
  • 2021-12-20: mediawiki skin selection
    • Whonix? -> Keeping mediawiki skin Foreground and adding CSS fixes later.
    • Kicksecure: Which skin should be used as foundation? -> Same but with different CSS to have distinctive styles/colors.
  • 2021-12-19: Colored Platform Icons, 500px*500px
    • some icons pulled from web in better solution
    • apple logo rights research. Seems using the logo is in most of the world public domain and in copyrighted jurisdictions logo is considered fair use and used by open source projects (means no licence)
    • kvm logo complete redesign
    • review/improve colored symbols for Template:Supported_Platforms_Icons since these are used on Download and whonix.org homepage
  • 2021-12-18: Whonix old logo refinement, old text removed, text "Whonix" redrawn
  • 2021-12-17: CodeSelect finished
    • HTML restructured, Style improved
    • direct copy button added, info tooltip added
    • modernized und documented JS mechanic
    • improved upon old mechanic with sidescrolling
    • Non-JS compatible with similar style
  • 2021-12-16: Update Download Button VirtualBox wiki page Download Button: prettify and easier functionality
  • 2021-12-14: invoice template improvements
  • 2021-12-13: discuss (easy, not important): cannot click inspect on other websites

nurmagoz[edit]

newer[edit]

15 - 30/11/2024[edit]

- Add tab controller

https://www.whonix.org/wiki/Other_Operating_Systems#Whonix-GNU.2FLinux-Workstationarchive.org

- Document Bootloader Password

https://www.kicksecure.com/wiki/Protection_Against_Physical_Attacks#Bootloader_Passwordarchive.org

- Sorted out

- Fixed wiki internal broken links

Forums:

https://forums.whonix.org/t/does-whonix-gateway-use-the-same-tor-guard/20747/2archive.org

https://forums.whonix.org/t/ip-leak-while-using-host/20752/2archive.org

https://forums.whonix.org/t/dns-certification-authority-authorization-caa-policy-dnssec-for-whonix-org-ssllabs-com-test-results-ocsp-error-exception-connect-timed-out-http-r3-o-lencr-org-must-staple/5487/45archive.org

7 - 14/11/2024[edit]

- Upgrade-nonroot comment

https://forums.whonix.org/t/qubes-sudo-su-root-hardening-development-discussion/8561/44archive.org

- Investigate removal of plymouth on Debian

https://forums.kicksecure.com/t/error-plymouth-conflict-in-debian-morphing/641/7archive.org

- sort out

https://www.kicksecure.com/wiki/Debian_Packagesarchive.org

https://www.whonix.org/wiki/Debian_Packagesarchive.org

- Add list of packages missing in packages.debian.org

https://www.kicksecure.com/wiki/Dev/Debianarchive.org

29 - 6/10 - 11/2024[edit]

- Accounts Maintenance

Forums:

https://forums.whonix.org/t/cwtch-messaging/5353/57archive.org

https://forums.kicksecure.com/t/kicksecure-as-server-os/354/11archive.org

https://forums.kicksecure.com/t/ubiquity-lvm-tpm/585/21archive.org

https://forums.kicksecure.com/t/enable-and-use-zram-instead-for-swap/654archive.org

https://forums.kicksecure.com/t/error-plymouth-conflict-in-debian-morphing/641/6archive.org

Github:

https://github.com/flathub/com.github.vkohaupt.vokoscreenNG/issues/40archive.org

https://github.com/flathub/com.github.vkohaupt.vokoscreenNG/issues/41archive.org

23 - 28/10/2024[edit]

- Bureaucracy

- Miscellaneous mobile operating system preliminary review

https://www.kicksecure.com/wiki/Mobile_Operating_System_Comparison#Miscellaneousarchive.org

- Document KVM image change directory

https://forums.whonix.org/t/first-time-trying-to-install-whonix-kvm/20602archive.org

Forums:

https://forums.whonix.org/t/i-cant-download-whonix-from-website/20607/4archive.org

https://forums.whonix.org/t/first-time-trying-to-install-whonix-kvm/20602/8archive.org

https://forums.whonix.org/t/whonix-xxxxxxxxxxxxxxx/20616/6archive.org

https://forums.whonix.org/t/failed-to-define-domain-from-whonix-gateway-xml/20580/4archive.org

14 - 22/10/2024[edit]

- Bureaucracy

- host firewall wiki pages

https://www.kicksecure.com/wiki/Special:WhatLinksHere/Host_Firewall_Basicsarchive.org -> update links to https://www.kicksecure.com/wiki/Host_Firewallarchive.org

- Install_Microcode_Package - add tab controller

https://www.kicksecure.com/wiki/Firmware_Security_and_Updates#Install_Microcode_Packagearchive.org

- OpenSUSE preview

https://forums.whonix.org/t/opensuse-tumbleweed-distro-preview/20561archive.org

Forums:

https://forums.whonix.org/t/i-have-no-connection-on-the-tor-resolved/20551/2archive.org

https://forums.whonix.org/t/does-all-traffic-route-through-tor-when-using-rdp-like-remmina/20555/2archive.org

https://forums.whonix.org/t/port-to-opensuse/17400/8archive.org

https://forums.whonix.org/t/flatpak-as-a-software-source-flathub-as-a-source-of-software/8500/64archive.org

https://forums.whonix.org/t/debian-12-kvm-with-firwalld-nftables-wont-work-there-is-workaround/17203/2archive.org

https://forums.whonix.org/t/whonix-17-wont-work-directly-on-debian-12-bookworm-host-no-iptables/16903/4archive.org

https://forums.whonix.org/t/failed-to-define-domain-from-whonix-gateway-xml/20580/2archive.org

https://forums.kicksecure.com/t/ubiquity-lvm-tpm/585/12archive.org

https://forums.kicksecure.com/t/use-btrfs-as-the-default-journaling-file-system/626archive.org

https://forums.kicksecure.com/t/usb-iso-boot-loop/563/10archive.org

Github:

https://github.com/openSUSE/zypper/issues/573archive.org

5 - 13/10/2024[edit]

- Test new tirdad

- Document and consider testing fwupd

https://www.kicksecure.com/wiki/Firmware_Security_and_Updates#Firmware_Update_Manager_(fwupd)archive.org

- Sorted out System_Hardening_Checklist

https://www.whonix.org/wiki/System_Hardening_Checklistarchive.org

https://www.kicksecure.com/wiki/System_Hardening_Checklistarchive.org

- Updated sdwdate onion mirrors

https://forums.whonix.org/t/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/856/245archive.org

Forums:

https://forums.whonix.org/t/why-many-search-engines-gone-now-only-ddg-and-startpage-remain/20505/5archive.org

https://forums.whonix.org/t/tcp-isn-cpu-information-leak-protection-tirdad/8552/19archive.org

https://forums.whonix.org/t/find-in-page-ctrl-f-new-ui-crops-website-and-now-feels-slower-to-search/20517/3archive.org

Github:

https://github.com/QubesOS/qubes-builder-debian/pull/85archive.org

https://github.com/QubesOS/qubes-builder-debian/pull/84archive.org

24 - 4/9 - 10/2024[edit]

- update ISO screenshots

- Updated sdwdate mirrrors

https://github.com/Kicksecure/sdwdate/pull/49/commits/4d50ebc128d26f2d5cd36e096d8d537456400083archive.org

https://forums.whonix.org/t/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/856/243archive.org

Forums:

https://forums.whonix.org/t/tar-child-xz-cannot-exec-no-such-file-or-directory-install-xz-utils-package/16708/7archive.org

https://forums.whonix.org/t/instructions-to-windows-verify-not-correct/20463/6archive.org

https://forums.whonix.org/t/in-place-release-upgrade-to-whonix-17-2-3-7-seems-to-have-broken-my-flatpaks/20486/4archive.org

https://forums.kicksecure.com/t/can-not-run-flatpak-apps-after-kicksecure-update/592/9archive.org

https://forums.kicksecure.com/t/cannot-run-some-appimage-apps-after-kicksecure-upate/594/2archive.org

https://forums.whonix.org/t/current-state-of-kloak/5605/116archive.org

https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/590archive.org

https://forums.whonix.org/t/whonix-17-2-3-7-kloak-service-not-restarting/20498/4archive.org

https://forums.kicksecure.com/t/ubiquity-lvm-tpm/585archive.org

https://forums.whonix.org/t/latest-kernel-6-10/20503/2archive.org

Github:

https://github.com/QubesOS/qubes-builder-debian/pull/83archive.org

23 - 27/9/2024[edit]

- Test new Whonix Windows Installer

https://download.whonix.org/windows/17.2.3.2/archive.org

- KVM PipeWire Fix - contact upstream

https://gitlab.com/qemu-project/qemu/-/issues/2561#note_2123338529archive.org

https://lists.libvirt.org/archives/list/users@lists.libvirt.org/thread/JGEVXVUPN5FB7Q3GSZ6VMX53MVVVJJH2/archive.org

https://forums.whonix.org/t/no-audio-with-spice-pipewire-halts-with-alsa-qemu-pipewire-unsupported/20341/6archive.org

- Test and Improve Whonix Installer Verification Documentation

https://www.whonix.org/wiki/Verify_the_images_using_Windowsarchive.org

- Test and improve KVM Serial Console

https://www.whonix.org/wiki/KVM#Command_Line_Interface_(CLI)archive.org


Forums:

https://forums.whonix.org/t/warning-last-releases-of-tor-degraded-its-anonimity-level-compared-to-i2p/20098/17archive.org

https://forums.whonix.org/t/virtualbox-intel-hd-audio-and-pipewire-incompatibility-audio-broken-after-increasing-ram-to-5-gb-no-sound-after-latest-updates-pipewire-bug/18211/25archive.org

https://forums.whonix.org/t/instructions-to-windows-verify-not-correct/20463/3archive.org

https://forums.whonix.org/t/how-do-i-enter-the-whonix-shell-from-cli/7271/56archive.org

17 - 22/9/2024[edit]

- Review / fix Dev/audio:

https://www.kicksecure.com/wiki/Dev/audioarchive.org

- Testing KVM PipeWire Fix ticket

https://forums.whonix.org/t/no-audio-with-spice-pipewire-halts-with-alsa-qemu-pipewire-unsupported/20341/4archive.org

https://gitlab.com/qemu-project/qemu/-/issues/2561#note_2123338529archive.org

Forums:

https://forums.whonix.org/t/running-whonix-vms-on-android-phone/20412/6archive.org

https://forums.whonix.org/t/vanguards-additional-protections-for-tor-onion-services/8064/29archive.org

https://forums.whonix.org/t/warning-flatpak-system-operation-deploy-not-allowed-for-user/20393/5archive.org

https://forums.whonix.org/t/qubes-sudo-su-root-hardening-development-discussion/8561/40archive.org

https://forums.whonix.org/t/no-audio-with-spice-pipewire-halts-with-alsa-qemu-pipewire-unsupported/20341/5archive.org

Github:

https://github.com/flatpak/flatpak/issues/5937archive.org

https://github.com/QubesOS/qubes-issues/issues/9459archive.org


10 - 16/9/2024[edit]

Tested New Point Release:

(So as .6)

https://download.kicksecure.com/ova/17.2.2.7/archive.org

https://download.whonix.org/ova/17.2.2.7/archive.org

test AC97 audio

test Intel HD audio

Tested Whonix Windows Installer:

https://download.whonix.org/windows/17.2.2.7/archive.org

It comes with virtualbox 7.1

KVM libvirt xml improvements - enable 3D:

https://forums.whonix.org/t/how-to-enable-3d-acceleration-in-kvm/16501/18archive.org

https://github.com/Kicksecure/libvirt-dist/blob/master/usr/share/libvirt-dist/xml/Whonix-Workstation.xmlarchive.org

https://github.com/Kicksecure/libvirt-dist/blob/master/usr/share/libvirt-dist/xml/Whonix-Custom-Workstation.xmlarchive.org

https://github.com/Kicksecure/libvirt-dist/blob/master/usr/share/libvirt-dist/xml/Kicksecure.xmlarchive.org

https://github.com/Kicksecure/libvirt-dist/blob/master/usr/share/libvirt-dist/xml/Whonix-Gateway.xmlarchive.org

KVM libvirt xml improvements - unit='MB':

https://forums.whonix.org/t/stop-using-unit-kib-use-unit-mb-instead/20383archive.org

Added tab controller:

https://www.kicksecure.com/wiki/VirtualBox/Other_Versionsarchive.org

https://www.whonix.org/wiki/Template:Restart_Torarchive.org

Forums:

https://forums.whonix.org/t/kicksecure-17-2-2-0-unreleased-version-sound-driver-issue/20379archive.org

https://forums.whonix.org/t/whonix-virtualbox-integration-and-upgrades/11705/34archive.org

https://forums.whonix.org/t/virtualbox-intel-hd-audio-and-pipewire-incompatibility-audio-broken-after-increasing-ram-to-5-gb-no-sound-after-latest-updates-pipewire-bug/18211/21archive.org

https://forums.whonix.org/t/find-usr-lib-modules-6-1-0-25-amd64-kernel-drivers-xen-bad-message-unable-to-truncate-for-updated-status-of-security-misc-read-only-file-system/20345/4archive.org

Tickets:

https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/4263archive.org

https://gitlab.com/qemu-project/qemu/-/issues/2561archive.org

2 - 9/9/2024[edit]

KVM 3D Documentation:

https://www.whonix.org/wiki/KVM#3D_Graphics_Accelerationarchive.org

Upstream Tickets:

https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/4263archive.org

https://gitlab.com/qemu-project/qemu/-/issues/2561archive.org

illustrative image:

https://forums.whonix.org/t/missing-libre-illustrative-images/3912/307archive.org

Forums:

https://forums.whonix.org/t/find-usr-lib-modules-6-1-0-25-amd64-kernel-drivers-xen-bad-message-unable-to-truncate-for-updated-status-of-security-misc-read-only-file-system/20345archive.org

https://forums.whonix.org/t/audio-broken-after-increasing-ram-to-5-gb-no-sound-after-latest-updates-pipewire-bug/18211/11archive.org

https://forums.whonix.org/t/how-to-enable-3d-acceleration-in-kvm/16501/8archive.org

https://forums.whonix.org/t/virtualbox-7-0-20-results-in-errors-while-6-1-26-works-with-whonix-release-17-2-0-7/20337/4archive.org

https://forums.whonix.org/t/virt-gtk-experimental-alternative-to-virt-manager-better-perf-but-worse-sandboxing/20250/10archive.org

https://forums.whonix.org/t/no-audio-with-spice-pipewire-halts-with-alsa-qemu-pipewire-unsupported/20341archive.org

https://forums.whonix.org/t/sound-is-cleaner-with-pipewire-from-backports-on-virtualbox/20344archive.org

26/8 - 1/9/2024[edit]

- libvirt upstream bug report

https://lists.libvirt.org/archives/list/users@lists.libvirt.org/thread/6ZAUM545XYFC5E4PYH2BBXI3DGBJRCAJ/archive.org

- VirtualBox Hardware-accelerated Graphics Testing

https://forums.whonix.org/t/virtualbox-3d-acceleration/8673/11archive.org

- Qubes ISO Documentation

https://www.kicksecure.com/wiki/Qubes#ISOarchive.org

Forums:

https://forums.whonix.org/t/virt-gtk-experimental-alternative-to-virt-manager-better-perf-but-worse-sandboxing/20250/7archive.org

https://forums.whonix.org/t/qubes-sudo-su-root-hardening-development-discussion/8561/35archive.org

https://forums.whonix.org/t/whonix-xfce-installer-cli-fails-on-kicksecure/20301/2archive.org

https://forums.whonix.org/t/whonix-virtualbox-integration-and-upgrades/11705/30archive.org

https://forums.whonix.org/t/proxmox-a-dedicated-kvm-platform-for-whonix/3733/40archive.org

Github:

https://github.com/shutter-project/shutter/issues/688archive.org

https://github.com/shutter-project/shutter/issues/659#issuecomment-2294947191archive.org

16 - 25 /8/2024[edit]

- Tested KVM without dnsmasq:

https://forums.whonix.org/t/whonix-kvm-dnsmasq-listen-port-on-host-operating-system-attack-surface-reduction/15973/42archive.org

- Made many adjustment to OnionShare wiki page:

https://www.whonix.org/wiki/OnionSharearchive.org

- Tested KVM 3D Graphics Acceleration:

https://www.whonix.org/wiki/KVM#3D_Graphics_Accelerationarchive.org

https://forums.whonix.org/t/how-to-enable-3d-acceleration/16501/5archive.org

- Added tab controller to:

https://www.whonix.org/wiki/KVM#Install_KVMarchive.org

https://www.kicksecure.com/wiki/Spectre_Meltdown#Platform_Specificarchive.org

https://www.kicksecure.com/wiki/Spectre_Meltdown#Install_Microcode_Packagearchive.org

https://www.kicksecure.com/wiki/Recovery#Serial_Consolearchive.org

- Tested KVM random limit test

https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/583archive.org

Forums:

https://forums.whonix.org/t/onionshare-on-whonix-workstation-how-to-connect-to-tor/20174/3archive.org

https://forums.whonix.org/t/blocking-certain-applications-from-accessing-internet/20247/2archive.org

https://forums.whonix.org/t/virt-gtk-experimental-alternative-to-virt-manager-better-perf-but-worse-sandboxing/20250/7archive.org

Github:

https://github.com/Kicksecure/libvirt-dist/pull/111#event-13893986296archive.org

https://github.com/Kicksecure/libvirt-dist/pull/112#event-13893984607archive.org

13 - 15/18/2024[edit]

- Migrated https://www.whonix.org/wiki/Spectre_Meltdownarchive.org to Kicksecure wiki

- Tested onionshare instructions on whonix

- VirtualBox netstat comparison before and after whonix installation

- Tried no dns for VMs in KVM and no dnsmasq with PR for Internal/External Whonix network:

https://forums.whonix.org/t/whonix-kvm-dnsmasq-listen-port-on-host-operating-system-attack-surface-reduction/15973/36archive.org

Forums:

https://forums.whonix.org/t/very-hard-to-notice-phishing-scam-firefox-tor-browser-url-not-showing-real-domain-name-homograph-attack-punycode/8373/15archive.org

https://forums.whonix.org/t/what-is-whonix-xfce-17-0-3-0-ova/20221/6archive.org

https://forums.whonix.org/t/nixos-distro-preview/19883/5archive.org

https://forums.whonix.org/t/running-android-apps-inside-whonix-workstation-waydroid/16911/5archive.org

https://forums.whonix.org/t/lxqt-wayland-support/18178/4archive.org

https://forums.whonix.org/t/change-default-shell-from-bash-to-zsh-by-default/14792/164archive.org

09/7 - 12/18/2024[edit]

- Added screenshots to:

https://www.kicksecure.com/wiki/Secure_Boot#Secure_Boot_DKMS_Signing_Key_Enrollmentarchive.org

https://www.kicksecure.com/wiki/Desktop#Disable_Autologinarchive.org

https://www.kicksecure.com/wiki/Protection_Against_Physical_Attacks#Login_Screenarchive.org

https://www.kicksecure.com/wiki/Login#Graphical_Login_Screenarchive.org

https://www.kicksecure.com/wiki/Login#Console_Login_Screenarchive.org

https://www.kicksecure.com/wiki/Grub#GRUB_Encryption_Password_Promptarchive.org

- Added screenshots with tabs and text:

https://www.kicksecure.com/wiki/Debian#Install_the_Kicksecure_Packagearchive.org

https://www.kicksecure.com/wiki/Recovery#Boot_Virtual_Machine_from_ISO_instead_of_Virtual_Hard_Drivearchive.org

- URL migration:

https://www.whonix.org/wiki/Dev/Expected_Build_Warningsarchive.org

- Documented:

https://www.kicksecure.com/wiki/Timezonearchive.org

- Forum:

https://forums.whonix.org/t/qubes-sudo-su-root-hardening-development-discussion/8561/29archive.org

https://forums.whonix.org/t/debian-12-live-to-mount-encrypted-ssd/20192/11archive.org

https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/574archive.org

https://forums.whonix.org/t/haveged-entropy-daemon/17158/8archive.org

https://forums.whonix.org/t/whonix-gateway-systemcheck-whonixcheck-no-longer-automatically-starting-at-first-boot/20175/2archive.org

https://forums.whonix.org/t/missing-libre-illustrative-images/3912/305archive.org

https://forums.whonix.org/t/i-cant-connect/19597/5archive.org

https://forums.whonix.org/t/whonix-gw-will-not-run-anon-connection-wizard-thus-no-internet-connect-there-is-workaround/18405/3archive.org

https://forums.whonix.org/t/monero-integration-in-whonix/5949/90archive.org

https://forums.whonix.org/t/change-default-shell-from-bash-to-zsh-by-default/14792/163archive.org

Tickets:

https://github.com/QubesOS/qubes-issues/issues/9251archive.org

https://github.com/NixOS/nixpkgs/issues/314887archive.org

https://github.com/QubesOS/qubes-issues/issues/9343archive.org

https://github.com/QubesOS/qubes-issues/issues/9344archive.org

https://github.com/QubesOS/qubes-issues/issues/9374archive.org

https://gitlab.com/bztsrc/usbimager/-/issues/151archive.org (usbimager interface improvement ticket)

01/5 - 08/7/2024[edit]

- Bureaucracy

https://forums.whonix.org/t/keepassxc-browser-doesnt-work-out-of-the-box/16877/7archive.org

https://forums.whonix.org/t/lxde-wayland-support/17388/5archive.org

https://forums.whonix.org/t/remove-hexchat-unmaintained/18391/10archive.org

https://forums.whonix.org/t/anon-gpg-tweaks-gpg-conf-enhancements-duraconf-a-collection-of-hardened-configuration-files/5378/24archive.org

https://forums.whonix.org/t/sudo-su-sorry-try-again-3-incorrect-password/19833/2archive.org

https://forums.whonix.org/t/install-catfish-file-searching-tool-xfce-de-by-default/19837archive.org

https://forums.whonix.org/t/include-monero-wallet-again/19871/2archive.org

https://forums.whonix.org/t/sudo-virsh-c-qemu-system-define-whonix-gateway-xml-error-failed-to-define-domain-from-whonix-gateway-xfce-17-0-3-0-xml-erdomain-configuration-does-not-support-video-model-virtio/19874/2archive.org

https://forums.whonix.org/t/desktop-renders-slowly-despite-high-resource-spec/19727/2archive.org

https://forums.whonix.org/t/i-cant-connect/19597/3archive.org

https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/554archive.org

https://forums.whonix.org/t/using-nixos-would-allow-us-to-implement-both-live-usb-and-stateless/8790/5archive.org

https://forums.whonix.org/t/nixos-distro-preview/19883archive.org

https://forums.whonix.org/t/tinyproxy-config/19885/2archive.org

https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/557archive.org

https://forums.whonix.org/t/onion-search-engine/19898/2archive.org

https://forums.whonix.org/t/permission-denied-with-flatpak-sys-block/15781/10archive.org

https://forums.whonix.org/t/flatpak-warning-failed-to-get-revokefs-fuse-socket-from-system-helper-flatpak-system-operation-getrevokefsfd-not-allowed-for-user/19906archive.org

https://forums.whonix.org/t/change-default-shell-from-bash-to-zsh-by-default/14792/160archive.org

https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/59archive.org

https://forums.whonix.org/t/monero-integration-in-whonix/5949/90archive.org

https://github.com/QubesOS/qubes-issues/issues/9087archive.org

15/3- 25/4/2024[edit]

- Wiki fixes (shifting pages, correcting redirects, fixing URLs)

- Testing kicksecure/Whonix releases (specially kicksecure .iso)

- Adding illustration images

- Bureaucracy

https://forums.whonix.org/t/i-cant-see-the-whonix-dekstop/19545/2archive.org

https://forums.whonix.org/t/mouse-extra-buttons-not-working-on-vmware/19602/2archive.org

https://forums.whonix.org/t/i-cant-connect/19597/2archive.org

https://forums.whonix.org/t/hiddenvm-project-best-solution-available/10732/8archive.org

https://forums.whonix.org/t/does-enabling-flathub-repository-has-any-security-impact/19625/2archive.org

https://forums.whonix.org/t/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/856/241archive.org

https://forums.whonix.org/t/how-to-emulate-android-on-whonix-need-to-run-telegram/19681/2archive.org

https://forums.whonix.org/t/how-to-emulate-android-on-whonix-need-to-run-telegram/19681/5archive.org

https://forums.whonix.org/t/vless-reality-proxy-tor-can-the-vps-provider-see-the-traffic/19573/11archive.org

https://forums.whonix.org/t/bridge-request-tool-anon-connection-wizard-tor-control-panel-moat/19680/2archive.org

https://forums.whonix.org/t/csp-content-security-policy-denial-of-service/19673/2archive.org

https://github.com/QubesOS/qubes-issues/issues/9045archive.org

https://github.com/flathub/org.xfce.mousepad/issues/48archive.org

https://github.com/QubesOS/qubes-issues/issues/9152archive.org

https://github.com/Kicksecure/sdwdate/pull/48archive.org

26/2 - 14/3/2024[edit]

- Tested whonix, kicksecure releases

- Finished whonix wiki link fixes

- Fixed some texts in whonix wiki

https://forums.whonix.org/t/riseup-email-sucks/19511/5archive.org

https://forums.whonix.org/t/error-s-when-importing-vm-templates-kvm/19464/3archive.org

https://forums.whonix.org/t/gateway-to-tor-or-not-to-tor/19534/4archive.org

https://github.com/QubesOS/qubes-issues/issues/9025archive.org

https://github.com/QubesOS/qubes-issues/issues/1590#issuecomment-1969826818archive.org

https://github.com/QubesOS/qubes-issues/issues/8896#issuecomment-1960560934archive.org

16-25/2/2024[edit]

- Removed multiple dead wikis from whonix and kicksecure

https://www.kicksecure.com/wiki/Hardened_Malloc_Lightarchive.org

https://www.kicksecure.com/wiki/Hardened_Mallocarchive.org

https://www.kicksecure.com/wiki/Hardened_Malloc/Manual_Installationarchive.org

https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRGarchive.org

- Providing logs for KVM to compare it and help MAC support:

https://forums.whonix.org/t/whonix-on-mac-m1-arm-development-discussion/14136/28archive.org

https://www.whonix.org/wiki/Dev/KVM#Audit_Output_of_virsh_domxml-to-nativearchive.org

- Testing new Apparmor profile with TB

https://forums.whonix.org/t/cannot-upload-files-with-tor-browser-apparmor-issue/18243/19archive.org

- Testing pipewire functionality in qubes:

https://github.com/QubesOS/qubes-issues/issues/8896archive.org

- Added missing illustration image

15/2/2024[edit]

- Testing KVM CPUinfo:

https://www.whonix.org/w/index.php?title=Protocol-Leak-Protection_and_Fingerprinting-Protection&stable=0#KVM_Whonix-Workstation_17_/proc/cpuinfoarchive.org

- Removed hexchat from the wiki and fixed some wiki text

https://forums.whonix.org/t/remove-hexchat-unmaintained/18391/8archive.org

https://forums.whonix.org/t/whonix-gw-will-not-run-anon-connection-wizard-thus-no-internet-connect-there-is-workaround/18405archive.org

https://forums.whonix.org/t/guest-systems-sees-cpu-of-the-host/1413/29archive.org

1-14/2/2024[edit]

- Removed all links to:

https://www.whonix.org/wiki/Special:WhatLinksHere/Mixmasterarchive.org

https://www.whonix.org/wiki/Special:WhatLinksHere/Nymserversarchive.org

https://www.whonix.org/wiki/Special:WhatLinksHere/JonDonymarchive.org

https://www.whonix.org/wiki/Special:WhatLinksHere/Remailerarchive.org

- Moved unwanted parts to deprecated page.

- Fixed Whonix broken URLs

15-30/1/2024[edit]

- Testing whonix/kicksecure with vbox features (TPM, UEFI)

- Testing OpenSUSE and check packages

- Finished re-checking Kicksecure broken links

- Uploaded missing illustrative images

- Lower progress due to taking cold (sick)


older[edit]

25-31/8/2023[edit]

  • Testing Whonix/Kicksecure new releases
  • Finished Kicksecure URLs checkup

https://forums.whonix.org/t/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/856/236archive.org

https://forums.whonix.org/t/tor-browser-crashes-in-whonix-16-with-hardened-malloc/17209/5archive.org

https://forums.whonix.org/t/hardened-malloc-hardened-memory-allocator/7474/201archive.org

https://forums.whonix.org/t/vbox-occasionally-hangs-while-maxing-out-host-disk-read/17207/2archive.org

https://forums.whonix.org/t/i2p-client-inside-whonix-workstation-issues/15890/62archive.org

https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/539archive.org

https://forums.whonix.org/t/debian-12-kvm-with-firwalld-nftables-wont-work-there-is-workaround/17203archive.org

https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/538archive.org

https://forums.whonix.org/t/when-tails-can-connect-but-whonix-cannot-what-is-the-reason/17188/5archive.org

https://forums.whonix.org/t/error-invalid-argument-could-not-get-preferred-machine-for-usr-bin-qemu-system-x86-64-type-kvm/17184archive.org

https://forums.whonix.org/t/tor-is-not-yet-fully-bootstrapped-30-done/8792/26archive.org

https://forums.whonix.org/t/guest-has-not-initialized-the-display-yet-kali-linux-host/17141/4archive.org

https://forums.whonix.org/t/haveged-entropy-daemon/17158/3archive.org

24/8/2023[edit]

  • Testing and identifying discourse breakage issue with TB on safest (notified both forums).
  • Adding new illustration images.
  • Testing whonix and kicksecure new releases.
  • Added war on gnu license and the importance of it

https://meta.discourse.org/t/broken-page-load-navigating-discourse-with-tor-browser-on-safest-security-setting-noscript-active/274837/9archive.org

https://forums.whonix.org/t/livecheck-sh-issue/17118/2archive.org

23/8/2023[edit]

  • Learning and Adding new Quotation template.

https://forums.whonix.org/t/which-editor-is-safe-dear-whonix-community/17105/8archive.org

https://forums.whonix.org/t/worried-about-whonix-tor-always-same-fucking-exit-node/17084/9archive.org

https://forums.whonix.org/t/which-editor-is-safe-dear-whonix-community/17105/6archive.org

https://forums.whonix.org/t/which-editor-is-safe-dear-whonix-community/17105/8archive.org

https://forums.whonix.org/t/tor-controller-gui-tor-control-panel/5444/96archive.org

https://forums.whonix.org/t/how-protect-bug-downfall-cpu-exploit-meltdown-spectre/17111/2archive.org

22/8/2023[edit]

  • OFF

20-21/8/2023[edit]

  • Bureaucracy
  • Adding new social media which is gnusocial jp
  • Organizing Social media profiles wiki page for whonix and kicksecure
  • Uploaded kicksecure and whonix vbox gui/cli screenshots
  • Migrating /dev/curl bash and pipe
  • Added tab controller to:

https://www.whonix.org/wiki/Other_Operating_Systems#Easyarchive.org

https://www.whonix.org/wiki/Other_Operating_Systems#Whonix-GNU.2FLinux-Workstationarchive.org

https://www.whonix.org/wiki/Other_Operating_Systems#VM_settingsarchive.org

https://www.kicksecure.com/wiki/Grow_Virtual_Harddiskarchive.org

https://www.kicksecure.com/wiki/Shrink_Virtual_Harddiskarchive.org

https://forums.whonix.org/t/how-protect-anonymous/17111archive.org

https://forums.whonix.org/t/which-editor-is-safe-dear-whonix-community/17105/2archive.org

https://forums.whonix.org/t/do-paravirtualized-devices-pose-a-security-risk-to-the-host-and-other-vms-on-it/17106/2archive.org

https://forums.whonix.org/t/worried-about-whonix-tor-always-same-fucking-exit-node/17084/6archive.org

https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/532archive.org

https://forums.whonix.org/t/jmp-mobile-number-through-jabber-no-sim-card-or-mobile-phone-needed/11050/16archive.org

19/8/2023[edit]

  • Adding tabs to Tips_on_Remaining_Anonymous#Avoid_(Mobile)_Phone_Verification_(Use_only_with_caution)
  • Fixing SecBrowser wiki page text
  • Spreading news about new whonix/kicksecure TLS hardening configs

https://forums.whonix.org/t/tls-with-its-highest-available-security-options/17098archive.org

https://forums.whonix.org/t/unsupported-qcow2-feature-extended-l2-entries/17060/3archive.org

https://forums.whonix.org/t/worried-about-whonix-tor-always-same-fucking-exit-node/17084/4archive.org

https://forums.whonix.org/t/is-type-2-hypervisor-more-safe-than-type-1-hypervisor/17085/2archive.org

17-18/8/2023[edit]

OFF

15-16/8/2023[edit]

  • Testing kloak in non-qubes
  • Researching GNU app installation
  • Researching android -> GNU backup
  • Clearing https-everywhere mention from the wiki since its deprecated
  • Renewing Hosts that accept cryptocurrenciesarchive.org for their payment

https://forums.whonix.org/t/forcing-onion-on-whonix-org/510/18archive.org

13-14/8/2023[edit]

  • Bureaucracy
  • Making draft for social media spread of Whonix TLS improvement

https://forums.whonix.org/t/discourse-integration-change-whonix-forum-software-to-discourse/1181/41archive.org

https://forums.whonix.org/t/monero-integration-in-whonix/5949/80archive.org

https://forums.whonix.org/t/new-qubes-website-new-whonix-website/1736/169archive.org

https://forums.whonix.org/t/windows-whonix-workstation-in-kvm/17039/5archive.org

https://forums.whonix.org/t/ubuntu-lagging/17038/6archive.org

https://forums.whonix.org/t/sdwdate-and-sdwdate-gui-development-thread/1137/395archive.org

https://github.com/monero-project/monero-gui/issues/4206archive.org

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42011archive.org

https://meta.discourse.org/t/broken-page-load-navigating-discourse-with-tor-browser-on-safest-security-setting-noscript-active/274837archive.org

11-12/8/2023[edit]

OFF

8-10/8/2023[edit]

  • Bureaucracy
  • Fixing kicksecure broken links (partial full finish)
  • Fixing new icons for verify page
  • Retesting page /Testing for vbox
  • Reporting discourse nojs issue

https://github.com/Kicksecure/anon-apt-sources-list/pull/1archive.org

https://github.com/QubesOS/qubes-issues/issues/8413archive.org

https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/55archive.org

https://forums.whonix.org/t/discourse-integration-change-whonix-forum-software-to-discourse/1181/34archive.org

6-7/8/2023[edit]

  • Bureaucracy
  • Reporting bugs and features for mediawiki
  • Finished adding tabs (+upload new images) and fixing text to:

https://www.kicksecure.com/wiki/Verify_the_virtual_machine_imagesarchive.org https://www.kicksecure.com/wiki/VirtualBox/Other_Versions#Install_from_VirtualBox.org_Repositoryarchive.org

https://github.com/QubesOS/qubes-issues/issues/8400archive.org

4-5/8/2023[edit]

OFF

3/8/2023[edit]

  • Finished Qubes Disposable wiki
  • Finished Kicksecure verification steps wiki

1 - 2/8/2023[edit]

  • Looking on Qubes Disposables page in thoroughly way
  • Working on Kicksecure verification steps wiki

https://forums.whonix.org/t/sys-whonix-dom0-updates-failing-on-qubes-r4-1-with-qubes-whonix-16/16998archive.org

https://forums.whonix.org/t/onion-xmpp-connections-over-whonix/16993/2archive.org

https://github.com/QubesOS/qubes-builder-debian/pull/77#issuecomment-1660158921archive.org

https://github.com/waydroid/waydroid/issues/1027#issuecomment-1660419839archive.org

31/7/2023[edit]

  • Bureaucracy
  • Investigating about gignet mirror to update their whonix images to latest
  • Verified and cleaned old todo list
  • Retested qubes-whonix dispvms
  • Tickets and Activities:

https://forums.kicksecure.com/t/running-android-apps-inside-kicksecure-waydroid/304archive.org

https://github.com/QubesOS/qubes-issues/issues/8382archive.org

https://github.com/waydroid/waydroid/issues/1027archive.org

30/7/2023[edit]

  • Installing Waydroid on Kicksecure
  • Debugging sdwdate-gui systray in Qubes
  • Tickets and Activities:

https://forums.whonix.org/t/workstation-black-screen-after-boot/16959/3archive.org

https://forums.whonix.org/t/note-installing-waydroid-will-remove-busybox-which-is-a-dep-to-kicksecure-dependencies-cli/16910/6archive.org

https://forums.whonix.org/t/virtualbox-workstation-and-gateway-weird-behavior/16970archive.org

https://forums.whonix.org/t/cloudflare-dns-sometimes-doesnt-resolve-main-whonix-mirror-properly/16956/3archive.org

https://forums.whonix.org/t/merge-2-menus-of-sdwdate-tray-better-ux/16900/17archive.org

https://forums.whonix.org/t/freenet-cant-connect-node/16962/2archive.org

https://forums.whonix.org/t/why-is-the-timezone-different/16971/4archive.org

https://forums.whonix.org/t/does-whonix-tb-differ-from-upstream/16969/2archive.org

https://github.com/waydroid/waydroid/issues/1027archive.org

https://github.com/webcompat/web-bugs/issues/125004#issuecomment-1657107180archive.org

28-29/7/2023[edit]

OFF

27/7/2023[edit]

  • Spread whonix new release to public forums and chats
  • Tickets and Activities:

https://forums.whonix.org/t/missing-libre-illustrative-images/3912/291archive.org

https://forums.whonix.org/t/merge-2-menus-of-sdwdate-tray-better-ux/16900/13archive.org

26/7/2023[edit]

  • Discussion about signify and improving verification steps
  • Spread whonix release to social media
  • Tickets and Activities:

https://forums.whonix.org/t/qubes-sudo-su-root-hardening-development-discussion/8561/18archive.org

https://forums.whonix.org/t/cloudflare-dns-sometimes-doesnt-resolve-main-whonix-mirror-properly/16956archive.org

25/7/2023[edit]

Merged the wikis: https://forums.whonix.org/t/merge-2-menus-of-sdwdate-tray-better-ux/16900/12archive.org

24/7/2023[edit]

  • Bureaucracy

23/7/2023[edit]

  • Communicate with whonix mirrors
  • Tickets and Activities:

https://forums.whonix.org/t/i-need-ur-help-with-an-error-in-starting-virtual-machines-kvm/16940/3archive.org

https://forums.whonix.org/t/remove-unwanted-programs-delete-unnecessary-software/1905/9archive.org

https://forums.whonix.org/t/kswapd0-high-cpu-usage-on-whonix-17/16933/2archive.org

https://forums.whonix.org/t/i2p-client-inside-whonix-workstation-issues/15890/58archive.org

https://github.com/QubesOS/qubes-builder-debian/pull/75#event-9894816172archive.org

https://github.com/QubesOS/qubes-issues/issues/6566#issuecomment-1648515708archive.org

https://github.com/QubesOS/qubes-issues/issues/8369archive.org

21-22/7/2023[edit]

OFF

20/7/2023[edit]

  • Bureaucracy

19/7/2023[edit]

  • Bureaucracy
  • Finished changing names wherever possible

18/7/2023[edit]

  • Tested waydroid on whonix 17
  • Tickets and Activities:

https://forums.whonix.org/t/merge-2-menus-of-sdwdate-tray-better-ux/16900/7archive.org

https://forums.whonix.org/t/waydroid-and-whonix/13643/10archive.org

https://forums.whonix.org/t/whonix-ws-kvm-broken-due-to-reinstalled-security-misc/16902/5archive.org

https://forums.whonix.org/t/whonix-17-wont-work-directly-on-debian-12-bookworm-host-no-iptables/16903/2archive.org

https://forums.whonix.org/t/help-welcome-kvm-development-staying-the-course/166/528archive.org

https://forums.whonix.org/t/note-installing-waydroid-will-remove-busybox-which-is-a-dep-to-kicksecure-dependencies-cli/16910archive.org

https://forums.whonix.org/t/running-android-apps-inside-whonix-workstation-waydroid/16911archive.org

https://github.com/QubesOS/qubes-issues/issues/8365archive.org

https://github.com/waydroid/waydroid/issues/1006archive.org

https://github.com/waydroid/waydroid/issues/1007archive.org

17/7/2023[edit]

  • Bureaucracy
  • Tickets and Activities:
    • Remove offline i2ps eepsites in whonix wiki
    • Upgrade kicksecure to bookworm in amd and power9
    • Tested whonix 17 on kvm

https://forums.whonix.org/t/whonix-17-wont-work-directly-on-debian-12-bookworm-host-no-iptables/16903archive.org

https://forums.whonix.org/t/change-default-shell-from-bash-to-zsh-by-default/14792/133archive.org

https://forums.whonix.org/t/xfce-theming-a-few-suggestions/7205/80archive.org

https://forums.whonix.org/t/whonix-ws-kvm-broken-due-to-reinstalled-security-misc/16902/3archive.org

https://forums.whonix.org/t/remmina-vs-rustdesk/16302/5archive.org

https://forums.whonix.org/t/anarsec-qubes-whonix-guide/16887/6archive.org

16/7/2023[edit]

  • Tickets and activities:

https://forums.whonix.org/t/i2p-integration/4981/369archive.org

https://forums.whonix.org/t/merge-2-menus-of-sdwdate-tray-better-ux/16900archive.org

https://forums.whonix.org/t/uploading-images-sometimes-will-give-invalid-csrf-token-some-cookies-are-misusing-the-recommended-samesite-attribute/16898archive.org

https://forums.whonix.org/t/generate-whonix-gw-dvm-with-salt-to-give-the-possibility-to-base-sys-whonix-on-it/16901archive.org

https://forums.whonix.org/t/disposable-browser-fingerprint/16894/2archive.org

https://forums.whonix.org/t/command-not-showing-up-fully-in-the-wiki-when-using-codeselect-code/16899archive.org

https://forums.whonix.org/t/wrongs-links-in-kvm-install-guide/16897/2archive.org

https://www.whonix.org/wiki/I2P#Installation_and_Setuparchive.org

https://www.whonix.org/wiki/I2P#Steps_for_I2P_Configuration_and_Usage_After_Installationarchive.org

Finished cleaning up qubes-minimal packages

15/7/2023[edit]

OFF

1 - 14/7/2023[edit]

  • Testing:

Tested all whonix and kicksecure releases of version 17.x (on vbox and qubes 4.2)

Tested Whonix - I2P + TB and sorted out all issues (but tomorrow will be documented)

  • Tickets and activities:

https://github.com/bitcoin/bitcoin/issues/28054archive.org

https://github.com/QubesOS/qubes-issues/issues/8286#issuecomment-1627786685archive.org

https://github.com/QubesOS/qubes-issues/issues/8330#issuecomment-1625923003archive.org

https://github.com/QubesOS/qubes-issues/issues/8346archive.org

https://github.com/QubesOS/qubes-issues/issues/6325#issuecomment-1633056725archive.org

https://github.com/QubesOS/qubes-issues/issues/8342archive.org

https://github.com/QubesOS/qubes-issues/issues/5836archive.org

https://github.com/QubesOS/qubes-issues/issues/8341archive.org

https://github.com/QubesOS/qubes-issues/issues/8335archive.org

https://github.com/QubesOS/qubes-issues/issues/8193#issuecomment-1626208571archive.org

https://github.com/QubesOS/qubes-issues/issues/8336#issuecomment-1626359102archive.org

https://github.com/QubesOS/qubes-issues/issues/8333archive.org

https://github.com/QubesOS/qubes-issues/issues/8331#issue-1794108471archive.org

https://github.com/QubesOS/qubes-issues/issues/8332archive.org

https://github.com/QubesOS/qubes-issues/issues/8334archive.org

https://github.com/QubesOS/qubes-issues/issues/8079#issuecomment-1626045208archive.org

https://github.com/QubesOS/qubes-issues/issues/8269#issuecomment-1606111278archive.org

https://github.com/QubesOS/qubes-issues/issues/8359archive.org

https://github.com/QubesOS/qubes-issues/issues/8360archive.org

https://forums.whonix.org/t/keepassxc-browser-doesnt-work-out-of-the-box/16877/2archive.org

https://forums.whonix.org/t/whonix-delete-the-unnecessary-files-programs/1905/6archive.org

https://forums.whonix.org/t/whonix-delete-the-unnecessary-files-programs/1905/8archive.org

https://forums.whonix.org/t/default-dns-provider-discussion-for-kicksecure-not-whonix/16870/2archive.org

https://forums.whonix.org/t/default-dns-provider-discussion-for-kicksecure-not-whonix/16870/4archive.org

https://forums.whonix.org/t/default-dns-provider-discussion-for-kicksecure-not-whonix/16870/6archive.org

https://forums.whonix.org/t/default-dns-provider-discussion-for-kicksecure-not-whonix/16870/8archive.org

https://forums.whonix.org/t/dino-im-messenger/7773/45archive.org

https://forums.whonix.org/t/dino-im-messenger/7773/48archive.org

https://forums.whonix.org/t/use-dnscrypt-by-default-in-kicksecure-not-whonix/8117/61archive.org

https://forums.whonix.org/t/suggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/856/233archive.org

https://forums.whonix.org/t/remove-imagemagick/6143/13archive.org

https://forums.whonix.org/t/flatpak-as-a-software-source-flathub-as-a-source-of-software/8500/52archive.org

https://forums.whonix.org/t/missing-libre-illustrative-images/3912/287archive.org

https://forums.whonix.org/t/local-browser-homepage-for-tor-browser-in-whonix/347/114archive.org

https://forums.whonix.org/t/local-browser-homepage-for-tor-browser-in-whonix/347/116archive.org


OLDEST[edit]

23/1/2023[edit]

  • Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Dev/Download_Statisticsarchive.org

https://www.whonix.org/wiki/Dev/Download_Wizardarchive.org

https://www.whonix.org/wiki/Dev/Installation_from_Repositoryarchive.org

https://www.whonix.org/wiki/Mailing_Listsarchive.org

https://www.whonix.org/wiki/Dev/Redistributionarchive.org

https://www.whonix.org/wiki/Essential_Testsarchive.org

https://www.whonix.org/wiki/Dev/Visionarchive.org

https://www.whonix.org/wiki/Dev/Tails_Doc_Forkarchive.org

https://www.whonix.org/wiki/UniStationarchive.org

https://www.whonix.org/wiki/Dev/Inspirationarchive.org

https://www.whonix.org/wiki/Dev/Zeroboxarchive.org

https://forums.whonix.org/t/long-wiki-edits-thread/3477/2268archive.org

19/1/2023[edit]

  • Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Dev/Portingarchive.org

https://www.whonix.org/wiki/Dev/Logoarchive.org

https://www.whonix.org/wiki/Dev/TPO_Trademarkarchive.org

https://www.whonix.org/wiki/Dev/64bitarchive.org

https://www.whonix.org/wiki/Dev/Firefox_Add-Onarchive.org

https://www.whonix.org/wiki/Dev/tor-launcherarchive.org

https://www.whonix.org/wiki/BackupScriptarchive.org

https://www.whonix.org/wiki/Dev/Firewall_Unloadarchive.org

https://www.whonix.org/wiki/Dev/Testarchive.org

https://www.whonix.org/wiki/Dev/Linux_Installerarchive.org

https://www.whonix.org/wiki/Dev/Windows_Installerarchive.org

https://www.whonix.org/wiki/Dev/Windows_Starterarchive.org

https://www.whonix.org/wiki/Windows_Quick_Start_Testers_Only_Versionarchive.org

https://www.whonix.org/wiki/Dev/researcharchive.org

https://www.whonix.org/wiki/Dev/patreonarchive.org

https://www.whonix.org/wiki/Dev/Gajimarchive.org

https://www.whonix.org/wiki/Dev/Project_friendly_applications_best_practicesarchive.org

https://www.whonix.org/wiki/SecBrowserarchive.org

https://www.whonix.org/wiki/Dev/wallpaperarchive.org

https://www.whonix.org/wiki/Dev/certificationarchive.org

https://www.whonix.org/wiki/Dev/STIGarchive.org

https://www.whonix.org/wiki/Dev/surveysarchive.org

https://www.whonix.org/wiki/Dev/Automated_Testsarchive.org

https://www.whonix.org/wiki/Dev/Torified_Wi-Fi_Hotspotarchive.org

https://www.whonix.org/wiki/KVM_Testers_Only_Versionarchive.org

https://www.whonix.org/wiki/Dev/Xfcearchive.org

https://www.whonix.org/wiki/Dev/Issue_Trackerarchive.org

https://www.whonix.org/wiki/Dev/Homepagearchive.org

https://www.whonix.org/wiki/Transparencyarchive.org

18/1/2023[edit]

  • Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Dev/Archived_Discussionsarchive.org

https://www.whonix.org/wiki/Dev/GNOMEarchive.org

https://www.whonix.org/wiki/Dev/Source_Code_Introarchive.org

https://www.whonix.org/wiki/Dev/Newsarchive.org

https://www.whonix.org/wiki/Dev/SSL_Certificate_Pinningarchive.org

https://www.whonix.org/wiki/Dev/JonDoarchive.org

https://www.whonix.org/wiki/Dev/Project_Hostarchive.org

https://www.whonix.org/wiki/Dev/Network_Managerarchive.org

https://www.whonix.org/wiki/Dev/Continuous_Integrationarchive.org

https://www.whonix.org/wiki/Dev/DHCParchive.org

https://www.whonix.org/wiki/Hosting_a_Mirrorarchive.org

17/1/2023[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Dev/anon-ws-disable-stacked-torarchive.org

https://www.whonix.org/wiki/Dev/Default_Application_Policyarchive.org

https://www.whonix.org/wiki/Dev/Torarchive.org

https://www.whonix.org/wiki/Dev/setup-distarchive.org

https://www.whonix.org/wiki/Dev/Disclaimerarchive.org

https://www.whonix.org/wiki/Comparison_Of_Package_Managersarchive.org

https://www.whonix.org/wiki/Dev/Advanced_Deanonymization_Attacksarchive.org

https://www.whonix.org/wiki/Dev/latency-obfuscatorarchive.org

https://www.whonix.org/wiki/Dev/MACarchive.org

https://www.whonix.org/wiki/Dev/vanguardsarchive.org

16/1/2023[edit]

OFF

15/1/2023[edit]

OFF

13/1/2023[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Dev/anon-ws-disable-stacked-torarchive.org

https://www.whonix.org/wiki/Dev/Default_Application_Policyarchive.org

Discussion:

https://chat.openai.com/chatarchive.org

https://www.grammarly.com/archive.org

12/1/2023[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Dev/Qubesarchive.org

https://www.whonix.org/wiki/Dev/About_Developersarchive.org

https://www.whonix.org/wiki/Nextarchive.org

https://www.whonix.org/wiki/Dev/onion-graterarchive.org

11/1/2023[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Dev/Operating_Systemarchive.org

https://www.whonix.org/wiki/Dev/VirtualBoxarchive.org

https://www.whonix.org/wiki/Dev/KVMarchive.org

10/1/2023[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Dev/Technical_Introductionarchive.org

https://www.whonix.org/wiki/Dev/Leak_Testsarchive.org

https://www.whonix.org/wiki/Dev/Anonymity_Networkarchive.org

https://www.whonix.org/wiki/Dev/Threat_Modelarchive.org

https://www.whonix.org/wiki/Dev/Virtualization_Platformarchive.org

https://www.whonix.org/wiki/Dev/Gatewayarchive.org

https://www.whonix.org/wiki/Dev/Hostarchive.org

https://www.whonix.org/wiki/Dev/Project_Hostarchive.org

https://www.whonix.org/wiki/Dev/Build_Anonymityarchive.org

https://www.whonix.org/wiki/Dev/Expected_Build_Warningsarchive.org

https://www.whonix.org/wiki/Verifiable_Buildsarchive.org

- No new issues with testers upgrades

- https://github.com/QubesOS/qubes-issues/issues/7959#issuecomment-1375525256archive.org

9/1/2023[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Swap-file-creatorarchive.org

https://www.whonix.org/wiki/Project-APT-Repositoryarchive.org

https://www.whonix.org/wiki/Debian_Packagesarchive.org

https://www.whonix.org/wiki/Access_Local_Network_or_Host_or_Clearnet_Internet_from_VMarchive.org

https://www.whonix.org/wiki/Access_Gateway_Port_From_Hostarchive.org

https://www.whonix.org/wiki/Censorship_Circumvention_Toolsarchive.org

https://www.whonix.org/wiki/Whonix-Gateway_System_DNSarchive.org

https://www.whonix.org/wiki/Whonix-Gateway_Own_Traffic_Transparent_Proxyarchive.org

https://www.whonix.org/wiki/Access_Workstation_Port_From_Hostarchive.org

https://www.whonix.org/wiki/Connections_between_Gateway_and_Workstationarchive.org

https://www.whonix.org/wiki/Tor_Browser/Manual_Downloadarchive.org

https://www.whonix.org/wiki/Portsarchive.org

https://www.whonix.org/wiki/Redirect_Whonix-Workstation_Ports_or_Unix_Domain_Socket_Files_to_Whonix-Gatewayarchive.org

https://www.whonix.org/wiki/FTParchive.org

https://www.whonix.org/wiki/Systemdarchive.org

https://www.whonix.org/wiki/Dev/Build_Documentation/VMarchive.org

https://www.whonix.org/wiki/Dev/Build_Documentation/Upgrading_Derivative_Deb_Packages_from_Source_Codearchive.org

https://www.whonix.org/wiki/Dev/Build_Documentation/security-miscarchive.org

https://www.whonix.org/wiki/Dev/Build_Documentation/generic-packagearchive.org

https://www.whonix.org/wiki/Template:Build_Documentation_Build_Packagearchive.org

https://www.whonix.org/wiki/Dev/Windows_Installerarchive.org

https://www.whonix.org/wiki/Dev/Windows_Starterarchive.org

8/1/2023[edit]

Swapped with the weekend

29/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Manually_Create_Whonix_VM_Settingsarchive.org

https://www.whonix.org/wiki/Dev/Build_Documentationarchive.org

https://www.whonix.org/wiki/Manually_Creating_Whonixarchive.org

https://www.whonix.org/wiki/Boot_Clock_Randomizationarchive.org

https://www.whonix.org/wiki/Protocol-Leak-Protection_and_Fingerprinting-Protectionarchive.org

https://www.whonix.org/wiki/Security_Roadmaparchive.org

https://www.whonix.org/wiki/Other_Desktop_Environmentsarchive.org

https://www.whonix.org/wiki/Whonix-Gateway_Firewallarchive.org

https://www.whonix.org/wiki/Whonix-Workstation_Firewallarchive.org

https://www.whonix.org/wiki/Multiple_Qubes-Whonix_Templatesarchive.org

https://www.whonix.org/wiki/Multiple_Whonix-Gatewayarchive.org

https://www.whonix.org/wiki/Multiple_Whonix-Workstationarchive.org

https://www.whonix.org/wiki/Other_Operating_Systemsarchive.org

https://www.whonix.org/wiki/Other_Gatewaysarchive.org

28/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/VMwarearchive.org

https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolationarchive.org

https://www.whonix.org/wiki/Dev/Leak_Testsarchive.org

https://www.whonix.org/wiki/VM_Fingerprintingarchive.org

https://www.whonix.org/wiki/VPN-Firewallarchive.org

https://www.whonix.org/wiki/Alternative_DNS_Resolverarchive.org

https://www.whonix.org/wiki/Hide_Tor_from_your_Internet_Service_Providerarchive.org

https://www.whonix.org/wiki/Host_a_Bridge_or_Tor_Relayarchive.org

https://www.whonix.org/wiki/Speculative_Tor_Attacksarchive.org

https://www.whonix.org/wiki/Torify_Host_Operating_Systemarchive.org

https://www.whonix.org/wiki/PPTParchive.org

https://www.whonix.org/wiki/Tunnel_UDP_over_Torarchive.org

https://www.whonix.org/wiki/Vanguardsarchive.org

27/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/File_Transferarchive.org

https://www.whonix.org/wiki/Anboxarchive.org

https://www.whonix.org/wiki/GNUnetarchive.org

https://www.whonix.org/wiki/Chromiumarchive.org

https://www.whonix.org/wiki/Chromearchive.org

https://www.whonix.org/wiki/PyLRUarchive.org

https://www.whonix.org/wiki/Access_Local_Network_or_Host_or_Clearnet_Internet_from_VMarchive.org

https://www.whonix.org/wiki/QEMUarchive.org

https://www.whonix.org/wiki/Dev/Virtualization_Platformarchive.org

26/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Policy_of_Website_and_Chatarchive.org

https://www.whonix.org/wiki/Imprintarchive.org

https://www.whonix.org/wiki/Privacy_Policyarchive.org

https://www.whonix.org/wiki/Cookie_Policyarchive.org

https://www.whonix.org/wiki/Terms_of_Servicearchive.org

https://www.whonix.org/wiki/E-Sign_Consentarchive.org

https://www.whonix.org/wiki/Whonix:Copyrightsarchive.org

https://www.whonix.org/wiki/Trademark_Policyarchive.org

https://www.whonix.org/wiki/Forcing_.onion_on_Projectarchive.org

https://www.whonix.org/wiki/APIarchive.org

https://www.whonix.org/wiki/Security_Reviews_and_Feedbackarchive.org

https://www.whonix.org/wiki/Art_Galleryarchive.org

https://www.whonix.org/wiki/Censusarchive.org

https://www.whonix.org/wiki/Media_Mentionsarchive.org

https://www.whonix.org/wiki/Packages_for_Debian_Hostsarchive.org

https://www.whonix.org/wiki/What_we_doarchive.org

24/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/BackupScriptarchive.org

https://www.whonix.org/wiki/Browser_Testsarchive.org

https://www.whonix.org/wiki/Introductionarchive.org

https://www.whonix.org/wiki/Advanced_Documentationarchive.org

https://www.whonix.org/wiki/Offline_Documentationarchive.org

https://www.whonix.org/wiki/VFAQarchive.org

https://www.whonix.org/wiki/Declinedarchive.org

https://www.whonix.org/wiki/Stream_Isolationarchive.org

https://www.whonix.org/wiki/Stream_Isolation/Disable_Easyarchive.org

https://www.whonix.org/wiki/Stream_Isolation/Easyarchive.org

https://www.whonix.org/wiki/ExoneraTorarchive.org

https://www.whonix.org/wiki/Why_is_Tor_slowarchive.org

22/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Contributorsarchive.org

https://www.whonix.org/wiki/Creditsarchive.org

https://www.whonix.org/wiki/Historyarchive.org

https://www.whonix.org/wiki/Reasons_for_Freedom_Softwarearchive.org

https://www.whonix.org/wiki/Contactarchive.org

https://www.whonix.org/wiki/Contributearchive.org

https://www.whonix.org/wiki/Donatearchive.org

https://www.whonix.org/wiki/Investorsarchive.org

https://www.whonix.org/wiki/Official_Online_Profilesarchive.org

https://www.whonix.org/wiki/Supportarchive.org

https://www.whonix.org/wiki/Please_Use_Search_Engines_And_See_Documentation_Firstarchive.org

21/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolationarchive.org

https://www.whonix.org/wiki/Signing_Keyarchive.org

https://www.whonix.org/wiki/Verify_the_virtual_machine_imagesarchive.org

https://www.whonix.org/wiki/Verify_the_images_using_Linuxarchive.org

https://www.whonix.org/wiki/Verify_the_images_using_Linuxarchive.org

https://www.whonix.org/wiki/Verify_the_virtual_machine_images_using_other_operating_systemsarchive.org

https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizersarchive.org

https://www.whonix.org/wiki/Qubes/Installarchive.org

https://www.whonix.org/wiki/Qubes/Reinstallarchive.org

https://www.whonix.org/wiki/Qubes/Uninstallarchive.org

https://www.whonix.org/wiki/Qubes/Updatearchive.org

https://www.whonix.org/wiki/Qubes/Troubleshootingarchive.org

https://www.whonix.org/wiki/Multiple_Whonix-Workstationarchive.org

https://www.whonix.org/wiki/Qubes/AppArmorarchive.org

https://www.whonix.org/wiki/Qubes/Tor_Browserarchive.org

https://www.whonix.org/wiki/Qubes/Create_Gateway_ProxyVMsarchive.org

https://www.whonix.org/wiki/Qubes/UpdatesProxyarchive.org

https://www.whonix.org/wiki/Multiple_Qubes-Whonix_Templatesarchive.org

https://www.whonix.org/wiki/Multiple_Whonix-Gatewayarchive.org

20/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Tunnels/Introductionarchive.org

https://www.whonix.org/wiki/Chaining_Anonymizing_Gatewaysarchive.org

https://www.whonix.org/wiki/Tunnels/Examplesarchive.org

https://www.whonix.org/wiki/Lanternarchive.org

https://www.whonix.org/wiki/Whonix_versus_VPNsarchive.org

https://www.whonix.org/wiki/Whonix_versus_Proxiesarchive.org

https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPNarchive.org

https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_proxyarchive.org

https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_SSHarchive.org

https://www.whonix.org/wiki/Tunnels/Connecting_to_a_proxy_before_Torarchive.org

https://www.whonix.org/wiki/Tunnels/Connecting_to_SSH_before_Torarchive.org

https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Torarchive.org

19/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Tor_Controllerarchive.org

https://www.whonix.org/wiki/Corridorarchive.org

https://www.whonix.org/wiki/Hosting_Location_Hidden_Servicesarchive.org

https://www.whonix.org/wiki/Onion_Servicesarchive.org

https://www.whonix.org/wiki/Onion_Services_Guidesarchive.org

https://www.whonix.org/wiki/Logging_in_to_captive_portalsarchive.org

https://www.whonix.org/wiki/Sdwdatearchive.org

- Tested Whonix OS installation on ubuntu/mint.

18/12/2022[edit]

Swapped Off

17/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/OnionSharearchive.org

https://www.whonix.org/wiki/Remote_Administrationarchive.org

https://www.whonix.org/wiki/Rssarchive.org

https://www.whonix.org/wiki/YaCyarchive.org

https://www.whonix.org/wiki/Other_Anonymizing_Networksarchive.org

https://www.whonix.org/wiki/Freenetarchive.org

https://www.whonix.org/wiki/JonDonymarchive.org

https://www.whonix.org/wiki/Chat#RetroSharearchive.org

https://www.whonix.org/wiki/ZeroNetarchive.org

15/12/2022[edit]

Sick Leave

14/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Moneyarchive.org

https://www.whonix.org/wiki/Bisqarchive.org

https://www.whonix.org/wiki/Bitcoinarchive.org

https://www.whonix.org/wiki/Bitcoin_Corearchive.org

https://www.whonix.org/wiki/Electrumarchive.org

https://www.whonix.org/wiki/ElectrumXarchive.org

https://www.whonix.org/wiki/Ethereumarchive.org

https://www.whonix.org/wiki/Moneroarchive.org

https://www.whonix.org/wiki/Monero_Wallet_Isolationarchive.org

https://www.whonix.org/wiki/File_Sharingarchive.org

13/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Nymserversarchive.org

https://www.whonix.org/wiki/Remailerarchive.org

https://www.whonix.org/wiki/Chatarchive.org

https://www.whonix.org/wiki/HexChatarchive.org

https://www.whonix.org/wiki/Signalarchive.org

https://www.whonix.org/wiki/Telegramarchive.org

https://www.whonix.org/wiki/VoIParchive.org

https://www.whonix.org/wiki/Wickrarchive.org

https://www.whonix.org/wiki/One_Time_Padarchive.org

12/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Tor_Browser/Advanced_Usersarchive.org

https://www.whonix.org/wiki/Install_Tor_Browser_Outside_of_Whonixarchive.org

https://www.whonix.org/wiki/Verify_Tor_Browser_in_Windowsarchive.org

https://www.whonix.org/wiki/YouTubearchive.org

https://www.whonix.org/wiki/yt-dlparchive.org

https://www.whonix.org/wiki/E-Mailarchive.org

https://www.whonix.org/wiki/Encrypted_Email_with_Thunderbirdarchive.org

https://www.whonix.org/wiki/BitMessagearchive.org

11/12/2022[edit]

Swapped with weekend

9/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Tor_Browserarchive.org

- Tested whonix linux installation in debian, ubuntu, mint

8/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Tor_Browserarchive.org (partially)

7/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/RAMarchive.org

https://www.whonix.org/wiki/Reporting_Bugsarchive.org

https://www.whonix.org/wiki/Known_Issuesarchive.org

https://www.whonix.org/wiki/Disaster_Recoveryarchive.org

https://www.whonix.org/wiki/Essential_Testsarchive.org

https://www.whonix.org/wiki/Troubleshootingarchive.org

https://www.whonix.org/wiki/Surfing_Posting_Bloggingarchive.org

6/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Qubes/Disposablesarchive.org

https://www.whonix.org/wiki/Torarchive.org

https://www.whonix.org/wiki/Tor_Entry_Guardsarchive.org

https://www.whonix.org/wiki/Transporting_UDP_Tunnels_over_Torarchive.org

https://www.whonix.org/wiki/Tor-ctrl-observerarchive.org

https://www.whonix.org/wiki/Whonix-Gateway_Security_Hardeningarchive.org

https://www.whonix.org/wiki/Multiple_Whonix-Gatewayarchive.org

https://www.whonix.org/wiki/Whonix-Workstation_Security_Hardeningarchive.org

https://www.whonix.org/wiki/Multiple_Whonix-Workstationarchive.org

https://www.whonix.org/wiki/Hostnamesarchive.org

https://www.whonix.org/wiki/Host_Operating_System_Selectionarchive.org

https://www.whonix.org/wiki/MAC_Addressarchive.org

5/12/2022[edit]

swapped with weekend

1/12/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Time_Attacksarchive.org

https://www.whonix.org/wiki/Whonix-Gateway_Securityarchive.org

https://www.whonix.org/wiki/Whonix-Workstation_Securityarchive.org

https://www.whonix.org/wiki/Warningarchive.org

https://www.whonix.org/wiki/Advanced_Security_Guide_Introductionarchive.org

https://www.whonix.org/wiki/Advanced_Deanonymization_Attacksarchive.org

https://www.whonix.org/wiki/Chaining_Anonymizing_Gatewaysarchive.org

https://www.whonix.org/wiki/Network_Time_Synchronizationarchive.org

30/11/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Basic_Security_Guide_Introductionarchive.org

https://www.whonix.org/wiki/Essential_Host_Securityarchive.org

https://www.whonix.org/wiki/Metadataarchive.org

https://www.whonix.org/wiki/Onionizing_Repositoriesarchive.org

https://www.whonix.org/wiki/Release_Upgradearchive.org

https://www.whonix.org/wiki/Install_Softwarearchive.org

https://www.whonix.org/wiki/USB_Installationarchive.org

https://www.whonix.org/wiki/System_Hardening_Checklistarchive.org

29/11/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/The_World_Wide_Web_And_Your_Privacyarchive.org

https://www.whonix.org/wiki/Surveillance_Capabilitiesarchive.org

https://www.whonix.org/wiki/Anonymityarchive.org

https://www.whonix.org/wiki/Tips_on_Remaining_Anonymousarchive.org

https://www.whonix.org/wiki/VM_Fingerprintingarchive.org

https://github.com/Kicksecure/repository-distarchive.org -> https://github.com/Kicksecure/repository-distarchive.org

28/11/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Data_Collection_Techniquesarchive.org

https://forums.whonix.org/t/long-wiki-edits-thread/3477/2264archive.org

https://forums.whonix.org/t/long-wiki-edits-thread/3477/2266archive.org

27/11/2022[edit]

swapped with weekend

25/11/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Post_Install_Advicearchive.org

https://www.whonix.org/wiki/KVM#Startarchive.org

https://www.whonix.org/wiki/Qubesarchive.org

https://www.whonix.org/wiki/VirtualBoxarchive.org

https://www.whonix.org/wiki/Project-APT-Repositoryarchive.org

24/11/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Languagearchive.org

https://www.whonix.org/wiki/Common_CLI_Commandsarchive.org

https://www.whonix.org/wiki/Anon_Connection_Wizardarchive.org

https://www.whonix.org/wiki/Bridgesarchive.org

https://www.whonix.org/wiki/Network_Obstaclearchive.org

https://www.whonix.org/wiki/Stay_Tunedarchive.org

https://www.whonix.org/wiki/Desktoparchive.org

- Reading about page speedtests and manual tests

- Broken links used for buttons for social media

23/11/2022[edit]

- Created kicksecure and whonix new mastodon accounts on fosstodon

- Migrated kicksecure mastodon.technology and whonix.social to fosstodon

- Bug in creating kicksecure diaspora account due to email issue

- Fixed/added whonix and kicksecure social media profile page

- Tested new kicksecure/whonix upgrades: https://forums.kicksecure.com/t/adding-new-packages-will-be-installed-with-its-recommends/156archive.org

- Reported kicksecure firefox welcome page issue

- Speed issue with tb related to new banner: https://forums.whonix.org/t/donation-banner-reduced-page-loading-with-tb/16014archive.org

- Create accounts to odysee and rumble and link them to youtube

22/11/2022[edit]

Flood, Swapped with weekend

21/11/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Stable_Releasearchive.org

https://www.whonix.org/wiki/Old_Stable_and_Earlier_Releasesarchive.org

https://www.whonix.org/wiki/Testers_Releasearchive.org

https://www.whonix.org/wiki/System_Requirementsarchive.org

Mastodon replaced (later added) with diaspora for whonix footer note

20/11/2022[edit]

Fixing and discovering new workable Voip apps

Improvements discussion e.g qubes instructions separation

Outsource APx talk

Flatpak fix followup

Searching for new mastodon host kicksecure

19/11/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Stable_Releasearchive.org (Partially, then noindex, maybe nowiki for references if needed)

https://www.whonix.org/wiki/Old_Stable_and_Earlier_Releasesarchive.org (noindex, maybe nowiki for references if needed)

Replied to forums - KVM spice issue

18/11/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Stable_Releasearchive.org (Partial)

Fixed and improved sdwdate onion mirrors:

https://github.com/Kicksecure/sdwdate/pull/45archive.org

17/11/2022[edit]

Fixed/Reviewed links and/or Improved text:

https://www.whonix.org/wiki/Whonix_against_Real_Attacksarchive.org

https://www.whonix.org/wiki/Screenshotsarchive.org

https://www.whonix.org/wiki/Tor_Myths_and_Misconceptionsarchive.org

https://www.whonix.org/wiki/Why_does_Whonix_use_Torarchive.org

https://www.whonix.org/wiki/Downloadarchive.org

https://www.whonix.org/wiki/FAQarchive.org

https://www.whonix.org/wiki/First_Time_Userarchive.org

16/11/2022[edit]

Fixed links in:

https://www.whonix.org/wiki/Featuresarchive.org

https://www.whonix.org/wiki/Whonix-Gatewayarchive.org

https://www.whonix.org/wiki/Whonix-Workstationarchive.org

https://www.whonix.org/wiki/Comparison_of_different_variantsarchive.org

https://www.whonix.org/wiki/Trustarchive.org

15/11/2022[edit]

Fixed links in:

https://www.whonix.org/wiki/Fingerprintarchive.org

https://www.whonix.org/wiki/Aboutarchive.org

  • Searched for flatpak issue solver
  • Scanned kicksecure for broken links

7/11/2022[edit]

Fixed links in:

https://www.whonix.org/wiki/Comparison_with_Othersarchive.org

6/11/2022[edit]

  • Sorted out anbox in whonix and kicksecure
  • Added thunderbird successful email delivery method with screenshots
  • Upgraded JMP registration to latest steps
  • Discovering whonix/kicksecure mastodon technology deprecation
  • shifted users of whonix technology mastodon account to whonix social

3/11/2022[edit]

  • Testing waydroid on whonix = doesnt work as it need wayland
  • Checked missing kicksecure meta-packages: (compared to whonix packages)

https://forums.kicksecure.com/t/add-remove-extra-packages/135/4archive.org

  • Tested kicksecure-xfce-host installation on debian testing:

https://forums.kicksecure.com/t/kicksecure-xfce-host-not-installable-in-debian-12-removed-dependency/152archive.org

  • Checked adding new git commits

2/11/2022[edit]

  • Finished fixing links in

https://www.kicksecure.com/wiki/Dev/Build_Documentationarchive.org

  • Reporting broken links at homepage:

https://forums.kicksecure.com/t/remove-replace-broken-links-at-kicksecure-com/150archive.org

  • Finished adding illustrated images

https://forums.whonix.org/t/missing-libre-illustrative-images/3912/283archive.org

  • Issue with new forum theme and mobile (text in blue not shown)

1/11/2022[edit]

  • Adjusting I2P to make it work in whonix ws:

https://www.whonix.org/w/index.php?title=Progress_Reports&stable=0archive.org

https://forums.whonix.org/t/i2p-integration/4981/359archive.org

https://forums.whonix.org/t/i2p-client-inside-whonix-workstation-issues/15890/8archive.org

  • Discovering it wont work in Qubes-Templates (I2P upstream issue)
  • Finished Kicksecure wiki links fixes.
  • Discovering JMP need to have updates.
  • Checking videos needs.
  • Due to technical difficulties couldn't finish the rest of the working hours (shifted to weekend).

31/10/2022[edit]

Off Sick Leave

30/10/2022[edit]

Off Sick Leave

27/10/2022[edit]

  • Tested kicksecure installation on debian stable and testing and discovered:

- https://forums.kicksecure.com/t/sdwdate-failed-to-start-in-debian-12-bookworm-next-release/134archive.org

- https://forums.kicksecure.com/t/systemcheck-wont-load-work-on-debian-12-next-release/130archive.org

- https://forums.kicksecure.com/t/add-remove-extra-packages/135archive.org

- https://forums.kicksecure.com/t/not-having-a-default-browser-and-pressing-on-web-browoser-icon-in-xfce-will-give-annoying-bug/128archive.org

- https://forums.kicksecure.com/t/add-pyqt5-dev-tool-dependency-to-kicksecure-dependencies/129archive.org

- https://forums.kicksecure.com/t/changing-kicksecure-repository-to-tester-will-add-tor-by-default-to-the-repo/127archive.org

- https://forums.kicksecure.com/t/disable-unnecessary-startup-processes-e-g-evolution-calendar/126archive.org

- https://forums.whonix.org/t/thunderbird-skipping-apparmor-profile-usr-bin-thunderbird/15883archive.org

- Uploaded the renewed Whonix Stream Isolation image

26/10/2022[edit]

Fixed all links available in this section: https://www.kicksecure.com/wiki/Design#General_Developer_Pagesarchive.org

25/10/2022[edit]

24/10/2022[edit]

23/10/2022[edit]

22/10/2022[edit]

20/10/2022[edit]

  • Bureaucracy
  • Testing whonix latest image with vbox 1.6.40
  • Testing whonix latest image with vbox 7.0.2

19/10/2022[edit]

18/10/2022[edit]

  • Bureaucracy
  • Uploaded the rest of whonix features
  • Remove FB from sdwdate mirrors (from my PR), Add sdwdate mirrors to forums
  • Investigating memory usage with TB-Alpha freeze
  • Testing flatpak whitelist with hardened whonix

17/10/2022[edit]

  • Added more mirrors to sdwdate
  • Investigated and reported TB-Alpha freeze to TPO
  • Tested Whonix latest release over vbox
  • Bumped whonix/kicksecure release in the wiki to latest release
  • Fixing qubes-shutter issue
  • Bureaucracy

16/10/2022[edit]

Swapped with weekend

Footnotes[edit]

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!