Major Updates for Qubes + Whonix!

Hello everyone, WhonixQubes here. :D

I wanted to finally update you on some major updates with the Qubes + Whonix platform that have been accomplished over the past few months.

TLDR Summary:

Qubes + Whonix is the seamless combination of Qubes OS and Whonix OS for best-in-class Security + Anonymity.

The Qubes + Whonix port has been fundamentally upgraded to a native seamless architecture (ProxyVM + AppVM).

Qubes + Whonix is now easy to install (Install Guide available on the wiki) and most all of the past usability issues have been fixed.

We now have upstream integration into the Qubes codebase and templates repository.

We now have newly updated documentation guides on our wiki with more to come soon.

Based on Qubes OS R2 and Whonix OS 9.6, the current newly released versions of the new Qubes + Whonix RPM templates is 2.1.8 and DEB updates package is 9.6.2.

Qubes + Whonix Primary Sources:

- Wiki: whonix.org/wiki/Qubes
– Forum: whonix.org/forum/Qubes
– Blog: whonix.org/blog/Qubes
– Tracker: whonix.org/tracker/Qubes

Full Version:

First: What is Qubes + Whonix all about?

Qubes OS (qubes-os.org) is one of the most secure OS architectures you will ever encounter that is able to withstand greater attack due to its advanced isolation properties.

Whonix OS (whonix.org) is a Tor-based virtual machine OS for anonymizing all of your traffic through Tor in a meaningfully more optimal and secure way than normal.

Qubes + Whonix is the seamless combination of Qubes OS and Whonix OS for best-in-class Security + Anonymity.

New Architecture:

Last year, I accomplished the first port of Whonix OS over to Qubes OS.

Now, with big thanks to nrgaway, we have a new — much improved — seamless combination of Qubes + Whonix.

The new Qubes + Whonix is a much more natively integrated, seamless and easy to use combination of Qubes + Whonix.

Instead of the old TwoHVM architecture, we now make use of a seamless ProxyVM + AppVM architecture.

The Whonix-Workstation is installed as an AppVM in Qubes, which is where your user applications reside, and all of their traffic gets forced through the separate Whonix-Gateway Tor ProxyVM.

The Whonix-Gateway is installed as a ProxyVM in Qubes, which is where your Tor connection proxy resides, and is securely isolated so that malware can’t simply circumvent your Tor connection to easily find out your real identity, as it can with other Tor systems.

With the new architecture, we have seamless GUI desktop integration with Qubes OS.

And we have Qubes tools integration that allow for things like easy-and-secure copy/paste as well as easy-and-secure file moving between VMs.

From the base TemplateVMs, you can dynamically generate as many Whonix VMs as you please, to use simultaneously, for more optimal anonymous workspace isolation.

The new native port architecture of Qubes + Whonix is much more useful.

Upsteam Integration and Install/Updates:

The Qubes team has enjoyed our work on Qubes + Whonix and we now have upstream integration in the Qubes codebase and templates repository.

This also means that installation is very easy to do via the RPM packages (Install Guide available on the wiki).

Also, much of the Qubes + Whonix code has been moved out of the Qubes template builder codebase to an independent Whonix package called “qubes-whonix”.

This qubes-whonix package will now allow us to push more convenient updates to Qubes + Whonix without always needing to rebuild and reinstall the underlying TemplateVMs.

So install and update are much improved.

Qubes + Whonix Packages:

There are now three packages specific to the Qubes + Whonix platform now:

- Whonix-Gateway TemplateVM which comes as a RPM package in Qubes and is currently at version 2.1.8.

- Whonix-Workstation TemplateVM which comes as a RPM package in Qubes and is currently at version 2.1.8.

- qubes-whonix which comes as a DEB updates package in Whonix and is currently at version 9.6.2.

These current versions are based on Qubes OS R2 and Whonix OS 9.6.

New and Improved Documentation:

We have new documentation for Qubes + Whonix on our wiki (whonix.org/wiki/Qubes).

Here you can learn more about the platform and get some primary guides on how to work with Qubes + Whonix.

The new documentation was just recently launched and more is being added throughout the near-term future.

To learn more, go check it out the wiki documentation for yourself.

Also, the general Whonix wiki has extensive knowledge available about optimizing your Tor-based anonymity.

So, if you want to supercharge your Security + Anonymity, then feel free to try out Qubes + Whonix.

Also, if you’ve got skills, feel free to get in touch and join in on the development effort of the Qubes + Whonix platform.

More improvements coming soon.

Thanks everyone! :D

WhonixQubes

Qubes + Whonix Primary Sources:

- Wiki: whonix.org/wiki/Qubes
– Forum: whonix.org/forum/Qubes
– Blog: whonix.org/blog/Qubes
– Tracker: whonix.org/tracker/Qubes

Posted in Qubes

Poisoned Fruit

https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/

The classic paper on compilers called “Trusting Trust” sheds light on the most devastating type of attacks
in a computing environment. An attacker altering a compiler binary can make it produce malicious versions of every program it compiles, including itself. Once this is done, the attack remains undetectable in perpetuity:

http://cm.bell-labs.com/who/ken/trust.html

Apple sunk millions of dollars
into creating LLVM just to undermine GCC and to close off their development chain from developers. The problem with their closed proprietary model is that there can never be a way for users to
verify that their binary copy of the compiler is derived from clean
source code. Apple want to prevent users from seeing the source for
the compiler and spies are taking advantage of this.

Apple also bans GPL software from their Appstore.

This ladies and gentlemen is why the world without GCC would be a very dark place. Revelations like these vindicate Richard Stallman and his philosophy.

To no amazement, the tree of secret proprietary development can only bear the fruits of sabotage. By backdooring the compiler, as they do with Apple’s Xcode, the Intelligence Community is poisoning entire software ecosystems. For them its OK as long as they can get at a few bad apples. See what I did there? :P

Screw you Apple for viciously attacking Free Software, you reap what you sow.

My favorite part:
“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will,” Cook said last September in announcing Apple’s new privacy policy.

LOL ever heard of PRISM Mr. Cook? What do you mean you “never” allowed access to your servers? Last time I checked all surveillance programs foreign and domestic are still in place and being beefed up as we speak. Before you make privacy Apple’s next marketing gimmick you’d do well to keep up with the headlines.

Posted in Uncategorized

The ‘Libre’ in Libre Software

For those of you using proprietary platforms, powerful privacy tools may be your first encounter with Libre Software.

Unlike proprietary software, Libre Software is not some opaque mysterious blackbox, a shrink wrapped “product” or even a development process.

Libre Software is an evolving dialogue between contributors and users, constantly improving and evolving to meet their needs and yours too if you participate in the discussion.

It is a community dedicated to protecting your inalienable human rights in a predatory, global corporate-government surveillance climate.

By its definition, Freedom cannot force itself on you or choose you, you must choose it. If you enjoy using Tor and Whonix I encourage you to try a GNU/Linux distro as your host OS.

(Anything but Ubuntu though. It saddens me to make an exception but their hostile actions against the community and user privacy make them untrustworthy)

Posted in Uncategorized

Whonix KVM is Back!

After a brief hiatus I am retaking up maintenance of KVM Whonix.

Feel free to leave comments or raise support concerns in the dedicated sub-forum.

Posted in Uncategorized

First Bounty! 3.000 $ – Build Debian Packages from Source Code

For Task Details see:
https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code

Bounty too low? How to apply?

1) Go to https://www.bountysource.com/issues/9115540-build-debian-packages-from-source-code
2) Click on “Developers”
3) Click on “Get Started”
4) Select Status “Bounty too low”
5) Enter your offer and press “Save”.

The bounty may then be increased by if realistic and sustainable.

If you have any questions, please get in contact.

Posted in Development

Legal

Categories

Archives

Contribute

Would you like to contribute to the Whonix project?

Contributing can be as easy as sharing the blog over social media, volunteering, or making a monetary donation.

For more ideas on how to get involved see the "Contribute" and "Testers-Wanted" categories.

Thanks!

- Whonix Staff