[Whonix-devel] [Secure Desktops] Hi!

bancfc at openmailbox.org bancfc at openmailbox.org
Mon Jan 30 00:35:03 CET 2017

On 2017-01-29 03:03, ng0 wrote:
> Hi,
> bancfc discovered my work and thought it would be a good idea if
> I sign up for this list, to share and minimize duplication of
> work.

Awesome stuff. More below. Thanks for posting.

> I'm working on a live-system which initially, in its first
> version, will be used as a live-system for secushare[0] (which
> also implies GNUnet to some degree) with the system being a blend
> of GuixSD[1]. The choice was between Gentoo, NixOS and GuixSD
> (more about that in the potential, as of right now unwritten,
> explanation post about the system).
> There's no name so far for this version, but I have my ideas
> about later versions which will be based on the experience with
> this system.
> There's no public documentation so far: the internal onion-only
> server I share the issue tracker with is currently being moved to
> a new server which will be exposed to both onion-space and some
> .org domain.
> The very short TL;DR before I manage to write a text on this
> system is:
> Describing it as "similar to TAILS" is only to make a shortcut in
> explanations, for the first version will 'optionally' come with
> a secure_delete use similar to TAILS. For secushare this is too
> much over the top, but for me it's a nice test of
> reimplementation (GuixSD uses shepherd as its init system).
> The rest is nothing groundbreaking: time-service will be
> tlsdated, software will include some useful tools in addition to
> gnunet + secushare.

With the controversy surrounding the tlsdate author the package is 
unfortunately no longer maintained. Also because it relies on CA SSL 
certs we could never trust that it won't be MITM'd by capable adversaries.

We opted for writing our own time sync daemon "sdwdate" [1] instead. 
Some advantages are that all servers it connects to are Onion sites and 
are likely not hosted on cloud-sites like Cloudflare - to decrease 
chance of collusion. Limiting leaks of system time to the network is 
also one area we really focused on because of deanonymization and risk.

We plan to spin off the time synchronization daemon as its own project 
at some point as a secure replacement for NTP in general. With its 
current design it cannot scale to millions of systems because there 
simply are not that many trusted Onion servers to handle the load. I am 
really interested to see the ways GNUnet can do away with trusting 
server endpoints and scaling the time protocol.

[1] https://github.com/Whonix/sdwdate
[2] https://www.whonix.org/wiki/Time_Attacks

> The long-term goal I have and which I want to push for is to
> implement what has been discussed for much too long in the Guix
> project: binary software distribution via gnunet-fs. Previously
> development on this subject stalled[2] because of several,
> non-technical, issues. I have some additions of my own,
> non-technical ones, to the distribution via gnunet-fs solution.
> In the end, I'd like to replace the time-service through a gnunet
> based solution, updates via gnunet, and in general make "legacy"
> net use optional.

Nice! We'd love to have decentralized alternatives to our project repos 
(and project news and notifications) that can't be censored.

> That's the system for secushare. I take it one step further
> afterwards and will try to craft different blends of this, some
> resulting from off-list conversations I had.
> And because someone recently asked this: I hope to be done with
> the core system (which doesn't include the gnunet-fs and
> time-service changes) by the end of the year, even much more
> optimistic: before/around August.
> But you know how deadlines in packaging are. So to say, the core
> system is about ~80% done now, the 20% rest depends on:
> - minor gnunet testsuite debugging
> - secushare prototype work
> - getting around 100 rust packages to a functional state
> - writing and debugging a handful of system-services
> - packaging more optional software
> Architecture: I plan to target i686 and x86_64 first, and arm as
> soon as GuixSD has been ported for arm.
> I hope this message wasn't too much text and no real content,
> it's easier to read issue trackers when they are public or to
> read focused texts which weren't written at around 01:46 UTC.
> [0]: http://secushare.org | http://secushare.cheettyiapsyciew.onion/
> [1]: https://gnu.org/s/guix
> [2]: This is not entirely true, some parts were developed, while
>      others were just discussed with Google Summer of Code
>      students or doctoral students and when the GSoC ended they
>      simply no longer worked on it (or they had the exact right
>      ideas but execution happened only on some parts or they just
>      moved on (I don't want to speculate or judge about the
>      actions of people I do not know)). It became
>      so not very obvious that work has happened before that I had
>      only discovered that some of the theoretical technical solutions
>      I came up with have been discussed prior to my first contact
>      with Guix when I started reading the mailing lists archives.
