{{Header}}
{{title|title=
ToDo for {{project_name_long}} Wiki Devs
}}
{{#seo:
|description=Website Enhancements Planning
}}
{{devwiki}}
{{intro|
Website Enhancements Planning
}}
= TODO: ADMIN - SOON =

= TODO: ADMIN - DELAYED =
== archivebox ==
https://archivebox.io/#quickstart

== illustrative images creation ==
Implementation probably needs discussion.

* Hiding your identity is harder than just hiding your IP.
* You can't be anonymous without being secure.
* your Whonix with Tor versus your IP without Whonix
* route randomization
* Ask yourself - privacy by design / privacy by policy
* freedom / freedom security / security
* why security matters
* why anonymity matters

'''DEV'''
* It was agreed upon with admin that these tasks need a media / posting strategy first
* So this task is delayed until admin has such a strategy

== new thank you donation message ==
1) CORS issues are fixed now? (Patrick attempted to fix these.)

2) explain Patrick how to draft a HTML e-mail with text-only fallback in Thunderbird

3) Possible to have a plaintext fallback if HTML is disabled by the e-mail client?

4) e-mail for

* Kicksecure
* Whonix

5) bug?

This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”.

https://developer.mozilla.org/docs/Web/HTML/Quirks_Mode_and_Standards_Mode

Valid HTML better / good idea for best e-mail reader compatibility?

'''DEV'''

# How can I check CORS issues?
# In thunderbird multipart email can be accomplished by going to "Options > Sending Format" and choose "Both HTML and Plain Text"
## This Sending Format however only seems to take effect if the mail is truly sent. So saving it as a draft and then "saving as" .eml does work but does not create a multipart email
## So maybe admin should send the email to his own email address and then save the .eml file
## However this eml file needs to be modified for each recipient, so there needs to be more work done
## Maybe another mail software needs to be involved
# The plaintext fallback is exactly what we want to accomplish with multipart
# What is meant with task 4?
# Maybe live discussion is needed

Patrick:

send HTML <code>Content-Type: multipart/alternative; boundary=</code> message

{{CodeSelect|code=
cat filename.txt {{!}} sendmail -i test@test.com
}}

== MultiWiki: delete deleted files ==

'''DEV'''

* I suggest upgrading mw-multi-wiki
* Currently it is the case that files which are deleted are not updated during mw-multi-wiki deploy
* This means that a dev would have to delete the other files manually and keep track somewhere which files to delete later
* This is a problem because sometimes files should not be deleted before everything is finished and admin has approved development. And it also cannot be deleted before because then the wiki which is not updated yet would not function anymore
* So I suggest admin upgrades the mw-multi-wiki script and checks for formerly Category:MultiWiki files that are now deleted and delete them too
* Or maybe find another solution

Patrick:

* How mw-multi-wiki could detect deleted files from Category:MwDeleteMe?
** Currently mw-multi-wiki uses MediaWiki API to look at https://www.kicksecure.com/wiki/Category:MultiWiki
** Once a page is deleted, it vanishes from the Category:MultiWiki page. Therefore mw-multi-wiki "forgets" about its existence.
* '''A)''' mw-multi-wiki could be stateful and "remember" which pages were ever in mw-multi-wiki but that's ugly because then an idempotent, clean script would be dependent on remembering the state in some state file. The state would be difficult to share among developers.
* '''B)''' A Category:MwDeleteMe could be invented. Delete all contents from the page and add that Category. Then mw-multi-wiki could remove it first from slave and eventually form the master wiki. Also non-ideal because not an intuitive process as it requires the developer to remember this because it's not a simple as using as using the wiki's internal deletion feature.
* '''C)''' Deletion log https://www.kicksecure.com/wiki/Special:Log/delete doesn't contain categories.
** Parsing the deleted revision for Category:MultiWiki might be error prone (if a wiki page was MultiWiki in the past but then it was only a comment).

status:

Patrick asked on the MediaWiki mailing list. https://lists.wikimedia.org/hyperkitty/list/mediawiki-l@lists.wikimedia.org/thread/DIREH7YFVQPYHIJFFUXNBE6PVJ6OSMUX/

new idea: diff the categories in the different wikis

report only

== MultiWiki: Think about PHP files ==

* For the workflow it would be good to not only deploy the js and css files to the "slave" wikis, but also the php-scripts for combined and headscript content
* Pro: if there are more than 2 wikis (which are not at the moment) then it's way easier to manage
* Con: At the moment it's not necessary. And we would need to be very careful with who gets the rights

== Stage Server as Master ==

* MultiWiki feature requests:
** The idea is the separate MultiWiki files into "code" (js, css files) and "content" (content pages)
** pull code (CSS, JS, widgets) from Kicksecure stage server
*** How about templates such as [[Template:Header]]?
**** These need to be in a special category to be recognized as code?
* stage server feature request:
** The stage server becomes the master server for code files. That way new scripts can be developed and tested on the stage server without disrupting the normal production use of the public wikis. Once a new feature is ready it can be multiwiki deployed from the stage server (master) to the slave wikis
* For content pages the Kicksecure wiki might still be the master however

== check this stuff ==

* https://developer.chrome.com/docs/devtools/application/back-forward-cache/
** This is a browser dev tools functionality
** Checks if a page stays in cache forwards and backwards
** Dev has tested this on both wikis on hp, about, download, docs and donate - works fine everywhere
** Does probably not need to be documented because Lighthouse does this automatically and gives error messages if not working
** A site note: They explain that cache-control: no-store should be used only for pages that have private information, everything else no-cache
* https://www.mediawiki.org/wiki/Snippets/Load_an_additional_JavaScript_or_stylesheet_file_on_all_pages
** This gives another method to load styles and javascript for all pages
** This is not needed because we already have our own build process and headscript
* https://marketingpipeline.github.io/CSS-Image-Loader/index.html
** Here is the main link https://github.com/MarketingPipeline/CSS-Image-Loader
** This is a topic that Dev research a while ago
** It's basically a hack. That hack might become an HTMl feature in the future, it would make sense. But for now it's using a common browser W3C-non-conformity (i. e. images may not have after or before pseudo elements).
** The author himself states <blockquote>Note: this is just a proof of concept. You should still provide a fallback source for your images using an onerror etc. As iOS / Webkit devices do NOT currently support the CSS attribute ::before needed for the fallback error image.</blockquote>
** Conclusion: Not recommended to use currently.
* https://medium.com/free-code-camp/using-svg-as-placeholders-more-image-loading-techniques-bed1b810ab2c
** In this article some best practices for image are discussed
** We use some of the techniques already (for example for the preloaded hero images
** Dev did see nothing that we would need to implement right now
* https://github.com/kizule/mediawiki-extensions-Kicksecure
** This is just a hello world right now. Not sure what should be accomplished here?
* https://textoptimizer.com/
** Seems like an interesting tool
** Appears to be a "tag cloud from the internet"
** Dev not sure how useful. Can be good for SEO, but needs a lot of work, because those words cannot be just pasted in
** The tool also offers an AI assistent, but it's probably risky to "AI-ify" the whole website just for (questionable) SEO improvements
** Also this tool is free for now which is suspicious. Probably a venture capitalist project with a lot of VC money which will cost a lot in the future
* https://github.com/vozlt/nginx-module-vts
** Seems very interesting

== Server forcing browser cache clear methods ==

'''DEV'''
* As discussed with admin a method for forcing the browser to reload a document by the server is needed - especially for the mobile browsers. They sometimes don't even reload the document, but just the headers and they seem to ignore or misinterpret our cache headers
* Suggestions: Admin could use
** <code>cache-control: no-store</code> : This would be a very aggressive anti cache strategy that prevents any caching. It's maybe too aggressive, but mentioned for completeness
** <code>cache-control: no-cache, must-revalidate</code> : no-cache does not prevent the use of caching, but forces the browser to revalidate with the origin server
** <code>ETag: [versionId]</code> : The Etag header could be used. This is basically a version number header for the document
* Opinion
** We are currently using: <code>cache-control: s-maxage=86400, must-revalidate, max-age=0</code>
** Dev thinks that we are missing the <code>no-cache</code> value. This should be tried first. All the big platforms seem to have it https://fred-gu.medium.com/fix-the-annoying-web-page-caching-issue-permanently-5d16527d0b5a
** ETag also seems like an interesting method. The article above does not mention ETag, but it might be there. But browsers could also ignore ETag
** No-store seems too aggressive and can maybe only be used if the request has the <code>?debug=true</code> query. But on the other hand our developer bypasses are good enough Dev thinks
* For more information
** https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
** https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag
* different per resource:
** https://www.kicksecure.com/mw-autogen/mw-combined-skincss.min.css?css-extension=1&hsversion_from_server_replacement_unixtime=1743067824&hsversion_from_server_replacement_unixtime=1743067824&hsversion_from_server_replacement_unixtime=1742808625&hsversion_from_server_replacement_unixtime=1742808625
** https://www.kicksecure.com
* backend server vs frontend server
* goals: caching users versus debugging developers

= TODO DEV =
== pay what you want modal - add legal text ==
* "There are five ways to support Kicksecure financially: (1.) [...]"
** todo: discuss shortening of the text on [[Donate]] so it gets easier to re-use it for the pay what you want modal
* similar as on [[Donate]]

'''DEV'''
* Discussion
*# Dev suggests keeping the page Donate with more text.
*#* This is the one page where Whonix can lay out its case for wanting the users to donate
*#* But there is room to improve the page. Dev suggests making the page a bit like [https://www.whonix.org/wiki/Users_of_Whonix Users of Whonix] without the alternating side switches and a bit shorter. We lay out the case why its important (and great) to donate to Whonix / Kicksecure.
*# The shorter text could be used as an intro (template?) to Donate, but should not replace the whole text of the Donate page
*#* New Text suggestion: '''Our free software empowers users like you! Your donation helps us improve and keep it at the highest standards!'''
*# Dev also suggests creating another brand as an umbrella for Whonix and Kicksecure. So it's easier to say "donate to XYZ", instead of donating to Whonix or Kicksecure.
*#* The name should also strongly present the mission, which is implicitly already there - represented in Whonix and Kicksecure
*#* A strong brand can be an even better pull for donations than Whonix or Kicksecure singularily. It's like with Firefox and Mozilla. Do you rather donate "to the software Firefox" or to the "Mozilla foundation with its great mission and all its great projects"? (Their reputation has been tarnished recently by their own doing but that's beside the point)
*#* If the brand Whonix is still the main pull for donations than the new name could involve Whonix itself like "Whonix Initiative" or we could use something similar like "Whonity Institute / Alliance / Hub"

Patrick:

* This is only about legal.
* pay what you want modal lacks legal notice.

'''DEV'''
* A shorter legal text was designed - using AI and own ideas. See below
* Explanations
** It seems there are only 4 ways, not 5, so this was changed
** 1 and 2 were reasonably shortened
** 3 was made less complicated. It is also possible to further shorten "consultation will be provided accordingly" to "consultation provided accordingly". This is sufficient for legal docs, but may be harder to understand for non-english natives
** 4 was shortened while also keeping the legally needed additions
** Note A was added to generalize tax-deductions. And corporations was changed to businesses, because this might also apply to smaller businesses
** Note B was added to generalize, because charitable donations might also be interesting for individuals in some countries, so it's made clear that they are neither supported nor deductable for anyone

<blockquote>
Support {{project_name_short}} in two ways: (1.) Purchase [[Plus Support]]. (2.) Contribute any amount in lieu of donation - consultation will be provided accordingly. (Note A.) Businesses may be able to claim Plus Support as a tax-deductible expense - consult a tax advisor. (Note B.) Charitable donations are not supported or tax-deductible for any party.
</blockquote>

Patrick:

* Legal text above updated.
* pay what you want modal -  legal text needed
* see screenshot provided (non-blocking)

'''DEV'''
* Done
* Donate Legal Disclaimer has own Template now [[Template:Donate_Legal_Disclaimer]]
* Template re-integrated in Donate page
* Template integrated in download donate modal via ajax
* removed superfluous legacy code in download/donate modal
* Test here [[ISO#Download.2C_Create_Live_USB]] and check here [[Donate]]

Patrick:

* legal text looks great!
* bug: crypto donation icons look broken - see screenshot provided non-blocking
* server cacheclear + new Tor Browser profile - so there should be no caching issues

== Update Archive Link with new functionality ==

* Update Archive Link template with new functionality, mirrowing the current update of the link-to-archive extension

'''DEV'''
* This task is still on wait
* Please put into todo after reviewing link-to-archive extension update

'''DEV'''
* DONE
* New features were implemented
* Old logic was improved
* Main files: [[Template:Archive_link]] and [[Widget:Archive_link]]
* Documentation was updated [[Dev/mediawiki#Archive_link_.28Template.29|Archive_link (Template)]]
* wikitests were updated and restructured and new tests were introduced [[Dev/wikitest#Archive_Link_.28Template.2C_nested_Widget.29|Archive_Link (Template, nested Widget)]]
* Logo sizes in link-to-archive extension was adjusted to match Archive_Link style
* multiwiki to Whonix and testing

Patrick:

* back to the root: What's the purpose of archive_link?
** Greater control about what links are generated in case mediawiki-archive-link extension for is insufficient.
* two use cases:
** auto: use archive provider search link
** specific:
*** archive= specific archive link provider (web archive)
*** today= specific archive link provider (archive today)
*** archive= + today= (use both, web archive and archive today)
* url= maybe (if available, online)
* onion= maybe (if available, online)

* needed syntaxes:

{{Archive_link
|text=Download Tor Browser in your language
|https://www.torproject.org/download/languages/
|https://web.archive.org/web/20250322145618/https://www.torproject.org/download/languages/
|https://archive.ph/QfMV5
|http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/download/languages/
}}

* needed syntaxes:

<pre>
{{Archive_link
|text=Download Tor Browser in your language
|https://www.torproject.org/download/languages/
|https://web.archive.org/web/20250322145618/https://www.torproject.org/download/languages/
|https://archive.ph/QfMV5
}}

{{Archive_link
|text=Download Tor Browser in your language
|https://www.torproject.org/download/languages/
|https://web.archive.org/web/20250322145618/https://www.torproject.org/download/languages/
}}

{{Archive_link
|text=Download Tor Browser in your language
|https://web.archive.org/web/20250322145618/https://www.torproject.org/download/languages/
}}

{{Archive_link
|text=Download Tor Browser in your language
|https://web.archive.org/web/20250322145618/https://www.torproject.org/download/languages/
}}
</pre>

* perhaps if specifically setting today=https..., disable everything else? yes

'''DEV'''
* New specification was discussed and implemented, documentation see [[Dev/mediawiki#Archive_link_.28Template.29|Archive_link (Template)]], also link to wikitests there
* New [[Template:ExtLink]] (and widget) was created
* On Kicksecure all instances of Archive_link were updated to the new syntax with the help of this RegExp Search <code>{{[aA]rchive[_\s][lL]ink</code>
* Open: apply all updates to Whonix

== Kicksecure forums - header missing on mobile ==
* todo
* see screenshot provided (nonblocking)

== Kicksecure forums - link color fix ==
* Kicksecure forums have a poor background color for text containing hyperlinks.
* TODO: Make hyperlinks cleaner and more readable for users.

== AI code review ==
* o3-mini-high
* GPT 4.5
* increased priority so should there be any changes, there's enough time to test these
* check all custom HTML, PHP, JS and extensions

== CodeSelect - overlength bug on mobile ==

Example text:

* For Qubes, the following command is executed during the initial installation of <code>dist-base-files</code>: {{CodeSelect|inline=true|code=
zless /usr/share/doc/dist-base-files/changelog.Debian.gz {{!}} dpkg-parsechangelog -l- -SVersion
}}

== div class pre - extraneous newline bug ==
* example:

<div class="pre">first line
second line
third line</div>

* bug: there's an extraneous newline between second line and third line
* please add a to [[Dev/wikitest]]

== document our github.io stub domains ==
* add to [[Dev/wiki]]
* https://kicksecure.github.io/
* https://whonix.github.io/

== primitive based hero image ==
* https://github.com/fogleman/primitive
** This seems like a pretty brilliant technique. Could also be considered an art style
** Dev used something similar (but not as advanced) to create the hero image svg previews
** The question for us if we want to use it in the future is: How easy is it to use? How much control do we get over the interations?
** If it works with the command line so easily that could be great (needs to be tested)
** Judging by the possible flags Dev thinks it could be useful
** So yes, great find. Needs to be tested though
* Please try.

== footnote highlighting ==
* When a footnote is clicked it is currently getting a gray background. This is good. Please improve. For example, draw a border around the footnote, if feasible. Other alternative ways to highlight the footnote better are also possible.

== homepage - sort out ==
* todo: discuss
* unduplciate feature mentions
* Kicksecure: security features only
* Whonix: anonymity features only

== documentation - sort out ==
* [[Documentation]]
* same as above

== homepage - new features content ==
* Kicksecure
* Whonix (?)

features:

* integrate into extensive documentation (already existing entry): an implementation of the Securing Debian Manual
* https://www.kicksecure.com/wiki/Dev/Strong_Linux_User_Account_Isolation#libpam-tmpdir
* https://www.kicksecure.com/wiki/Dev/Strong_Linux_User_Account_Isolation#Permission_Lockdown
* [[Dev/Strong_Linux_User_Account_Isolation#umask_hardening|umask hardening]]
* [[Keystroke_and_Mouse_Deanonymization#Mouse_Fingerprinting|Mouse Anonymization]]

upcoming:

* already available as opt-in:
** [[Security-misc#Reduce_Kernel_Information_Leaks|Reduce Kernel Information Leaks]] / hide hardware information
** [[Security-misc#hidepid|hidepid]]
* in development:
** [[noexec]]
** [https://forums.whonix.org/t/lock-down-interpreters-compilers-interpreter-lock-compiler-lock/18499 interpreter lock]
** [[sysmaint]] / [[Dev/user-sysmaint-split]]

== video link ==
* [[Template:VideoLink]]
* see screenshot provided (nonblocking)
* google off or improve: Videos general icon

== book alike style backwards and forwards navigation ==
* for example, see https://www.debian.org/doc/manuals/securing-debian-manual/ has a nice "book alike" style experience with virtual "book pages"
** there is a <code>forward</code> <code>-></code> button
** after clicking it, there is also a <code>backward</code> <code><-</code> button
* TODO: Kicksecure, Whonix:
** Possible to introduce such buttons for our wikis?
** https://www.mediawiki.org/wiki/Extension:PageAfterAndBefore might have done that but has been deprecated.
** How to keep the content easily manageable? Issues such as:
*** New pages might be introduced somewhere in the middle of the "book" at some point.
*** A page might be removed (since it gets merged with another page).
*** In conclusion, the content will remain quite dynamic over time.
* ideas:
** page with higher numbers
*** page 1 would actually no get number 1. Instead it would get number 100. Therefore, it would be easy to wretch pages in between.
*** page 50 would actually no get number 50. Instead it would get number 500. Therefore, it would be easy to wretch pages in between.
*** The generator would order pages as per 100, 200, 250, 260, 300, 400, etc.
* features:
** previous and next page title - good idea to show or best omitted for clarity?
*** ← Introduction
*** Getting Started →
* implementation:
** could this be implemented using mediawiki templates? Do these support simple math?
** lua?
** custom extension?
* design:
** Should result in static, cacheable HTML, not always re-calculated. (This will probably be easy, automatic. Probably no special code required.)
** mobile friendly

== content improvements ==
===  Mobile Operating System Comparison - unclickable footnotes ===
* [[Mobile_Operating_System_Comparison#iPhone_and_Android|iPhone and Android]]: footnote 16 not clickable, footnote 20 not clickable, etc.

=== upstream_wiki template improvements ===
* https://www.whonix.org/wiki/Template:Upstream_wiki
** please see how this template is used to get an idea. [[Chromium]] is a good example.
* users "must" really follow that link. Otherwise documentation will be incomplete.
* keep it verbose as is
* make the button nicer (keep onion support)
* add a click animation?
* other stylistic and/or content improvements

=== sdebian wiki template improvements ===
* context: [[About#Implementation_of_Securing_Debian_Manual|Implementation of Securing Debian Manual]]
* [[Template:sdebian]]
** Improve design.
* [[File:Securing_debian_manual.png|link=]]
** improve the image a bit
** svg?
** effort: low
* improve content in chapter https://www.kicksecure.com/wiki/About#Implementation_of_the_Securing_Debian_Manual

=== Whonix Qubes Install wiki content improvement ===
* https://www.whonix.org/wiki/Qubes/Install
* similar to VirtualBox wiki page

=== Whonix KVM wiki content improvement ===
* https://www.whonix.org/wiki/KVM
* similar to VirtualBox wiki page

=== hardware and firmware documentation ===
{{boot_firmware}}

* how to best organize the topics
* content review
* improvement
* contextualization (avoid lost at hello effect)
* [[Open-source_Hardware]] talks a lot about Intel ME but that's not Open Source and maybe should be moved to [[Out-of-band_Management_Technology]], just a short mention instead

=== anchor_link styling ===
* https://www.kicksecure.com/wiki/Template:Anchor_link
* example: https://www.kicksecure.com/wiki/Miscellaneous_Threats_to_User_Freedom#restricted_boot

=== SysRq key ===
* improve [[SysRq]]
* install Template key or similar (copy from wikipedia)
* make it similar to https://en.wikipedia.org/wiki/Magic_SysRq_key#Commands

<pre>
{{key|[[Alt key|Alt]]|[[system request|SysRq]]}}
</pre>

== artistic ==
=== new illustrative images ===
* user-sysmaint-split
** https://www.kicksecure.com/wiki/Dev/user-sysmaint-split
** user / sysmaint (do not mention Live Mode inside the illustrative image)
* https://www.kicksecure.com/wiki/Sysmaint
* https://www.kicksecure.com/wiki/Unrestricted_admin_mode
* https://www.kicksecure.com/wiki/Root
* https://www.kicksecure.com/wiki/Policy_On_Artificial_Intelligence

= WAITING ON =
= REVIEW PLEASE =

= Footnotes =
{{reflist|close=1}}
[[Category:Development]]
{{Footer}}