[Whonix-devel] timesync for Whonix 6

adrelanos adrelanos at riseup.net
Thu Aug 15 21:21:37 CEST 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Could you glimpse at this page please? You don't have to read all of it.
https://whonix.org/wiki/Dev/TimeSync

I am currently in process of redesigning how whonixcheck and timesync
are started as daemon and notify the user to fix issues #55.

If everything goes well, timesync shouldn't often fail.

If it fails after boot, because network is down, it could say network
is down and it will keep asking Whonix-Gateway if network is up and
run after Whonix-Gateway says network is up. Or say nothing at all.
This is more a question of balance between better debugging our tools
and educating internals vs. making it just work. I am not sure, I am
yet capable of just works always in all cases.

Timesync in Whonix-Workstation 6 will run at least every 60 minutes.
With a minimum of 10 minutes in between. And the rest of the numbers
between 60 and 10 are randomly choose to prevent creating a Whonix
network fingerprint (such as always x amount of traffic at x.30).

If it fails once, its not a big deal. Maybe it fails because the host
internet connection went down. What should it do? Inform? Or wait
until it failed 5 times and inform then?

Well, it could start failing forever, if there is a bug in timesync.
There shouldn't be any now, but you never know what happens for
example when curl gets updated.

It could also fail when users change settings in /etc/sdwdate.d/
configuration folder. Or it could fail if the servers we are using
stop accepting connections from the Tor network. Or an evil Tor exit
node could let timesync fail by blocking connections to those servers.

(Timesync fails are recognized and won't cause a crash, I am thinking
how to react on such failures.)

At the moment in Whonix 0.5.6 timesync will also inform the user after
boot, that timesync succeeded using a passive popup (fade in message).
- From then, when its succeeds, it says nothing, if it fails, it will
show a popup with an error message. [1]

For Whonix 6, when no graphical user environment is started, success
messages after boot, timesync failure messages and whonixcheck
periodic run (at least every 24 hours) results are written to tty1,
which is documented here:
https://whonix.org/wiki/Desktop#whonixcheck.2Ftimesync_writing_to_tty1

I am not entirely liking it yet. When you are using a graphical
desktop environment (most Whonix-Workstation users will do), you'll
see those old messages when restarting or powering off. That might be
confusing. If they reacted to the graphical whonixcheck and followed
advice to update, then they shut down and see the old notification, I
am sure it will cause confusion. I am not sure how to solve that best.
Maybe when a graphical desktop environment is running, it shouldn't
write the tty1? Not sure if I can reliably detect that.

Later, after Whonix 6, whonixcheck/timesync gui can be improved. I
have a tray icon in mind, with is either green, yellow, red or working
depending on its state.
Green: everything ok.
Yellow: no connection to Whonix-Gateway (maybe that should be a symbol)
Red: There are updates not installed yet, other issues or any bugs
have been caught.

[1]
timesync
- ----------------------------------------------------------------------

Network Time Synchronization (timesync) done, but no success!!!
Is your internet connection down?

Test your internet connection: Start menu -> Applications -> System ->
Whonixcheck
                               or in Terminal: whonixcheck
                               or in Terminal with debugging:
whonixcheck -v

See logfile: tail -f -n 20 /var/log/htpdate.log
See status files: cd /var/run/htpdate && dir
Try again: Start menu -> Applications -> System -> Whonix Timesync
           or in Terminal: timesync
Last resort: manually set the clock! (In UTC!):
             sudo su
             date -s "17 FEB 2012 24:00:00" && hwclock -w


-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSDSo2AAoJEJwTGtNxOq7vJ7sP/iiAGJ02x/yR0KadxLC9syIN
//0oN9ohIYP+yjqCh5n8tLc8tUXeXf1GYvu1uN4aQgGv7FHz+hbhX0LRoZjMMwsI
0z2HSx3YCch0tP4zXR3fc0JwkzDxV282svMIu/ofM4clDv6uOT0jYr/zLxeccjWc
eLh6I0Q3F3l4pRqEhQKqtWLJykOxviPod8zkZuaiWNyKGaIaMz1oT8czmS3ReUBv
arZkSiwLfqX1ynyiVekSXlkl2UGGLJ4xhSUyLj3l9UZ0zL74ynshqdmRn8n2ufXG
uiQ2k+WqtTeIAO+BshW7CzvmDS4BbdruBT4+Le6n6RXaExiScHQ/NSkuI36LbhI4
yVKlDtnN5op5xOzoQfgq9aNkI/wN6PsyXdBj4EKoWyaDZudZZYOAkRcopn8bH8Xa
zwduHColVemmWximRdk9UQ/MOlrvdxUbG4qP1b2MAaOrJ2O322fSF3KMoBDqbvig
uLeeaA8RAINz7woCMZEsupeoEKIlBmXE+d7dlwLL9nSFftV3U3FBJrogDmOvbeLv
LPzjvCm8Lrjyr7Z4rLisTOTVP7A1/E28VFCgp0n1+fbPjEmnmREh90L2l7/O1MIm
qzOLRHLaOtFt45a7nbPVS4Kr2TZ6Yn3HS4saeOSJZwr1HPo9e8etAmsOBwPX6eaB
GuEW/Xm95/PLTehAdRr0
=U+wW
-----END PGP SIGNATURE-----

More information about the Whonix-devel mailing list