Re: tor-0.1.1.24
On Sat, Oct 28, 2006 at 01:14:44AM -0500, Thomas M. Jett wrote: > I'm currently using tor-0.1.1.22 on Vector Linux SOHO 5.1.1, which I > compiled myself, as I did the previous versions I've used. I > recently tried to compile tor-0.1.1.24 (now at least 4 times), and > each time I've compiled and installed (package created using > checkinstall, and installed via installpkg and uninstalled via > Gslapt). I get the following when I start it I'll start it in a > terminal, and everything looks normal, states it's opening Socks > listener on 127.0.0.1:9050, however it crashes at this point every > time. I'm using gcc 3.4.6 to compile it, and up to date librarys. > I've been doing a straight forward ./configure make | checkinstall | > installpkg tor-0.1.1.24-i686-1.tgz, and am up a stump as to what the > problem could be. Any suggestions as to how to get past this will be > very much appreciated. If by "crash" you mean "seg faults", there are lots more details you can provide. I've made an attempt at a walk-through here: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ReportBug Thanks, --Roger
tor-0.1.1.24
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hello, first post on here. I'm currently using tor-0.1.1.22 on Vector Linux SOHO 5.1.1, which I compiled myself, as I did the previous versions I've used. I recently tried to compile tor-0.1.1.24 (now at least 4 times), and each time I've compiled and installed (package created using checkinstall, and installed via installpkg and uninstalled via Gslapt). I get the following when I start it I'll start it in a terminal, and everything looks normal, states it's opening Socks listener on 127.0.0.1:9050, however it crashes at this point every time. I'm using gcc 3.4.6 to compile it, and up to date librarys. I've been doing a straight forward ./configure make | checkinstall | installpkg tor-0.1.1.24-i686-1.tgz, and am up a stump as to what the problem could be. Any suggestions as to how to get past this will be very much appreciated. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFFQvVQlzq1/FLekkARA3TXAJ4mdFC0dXIwxzoqsvpJQYLJGngbPgCdFfbb Ld9mtaZxiD79VkEWLhg5AUo= =KZ/m -END PGP SIGNATURE- smime.p7s Description: S/MIME Cryptographic Signature
Re: Sending mail on OS X
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 currently, one can still send mail on port 25 using Tor. one just might have to retry sending the message several times until a working circuit is found. this is acceptable for me, and not for spammers. frankly, this seems like a better solution to spam compared to biased blacklists. so, personally, i don't think there is much need to un-block port 25 by default and re-complicate things with experimental entry/exit node filters. -BEGIN PGP SIGNATURE- iD8DBQFFQuSUXhfCJNu98qARCFZzAKD4pXzmVUKnVJyRs9w3VY5pFkkt+QCgg27T cpFonekBU8eomqyzBYovzkw= =GE2B -END PGP SIGNATURE-
"TorButton" for Safari
Hi, maybe it was published here, but it seems that someone developed "TorButton" for Safari (Mac OS): http://slightparanoia.blogspot.com/2006/10/few-useful-applescripts.html bye, Matej
Re: Sending mail on OS X
On Thu, 2006-10-26 at 19:07, Tim McCormack wrote: > Many Tor exit nodes block port 25 because spammers sometimes try to use > Tor. For anonymous mailing you could try Mixminion instead of Tor. I understand the need for controlling spam. If you don't control it, the recipients will often block you. Even if you're not blocked no legitimate organization or tool wants to be identified as supporting or enabling spam. The Mixminion project seems to be stalled, as they have not released any new software in almost 11 months, even though it is described as alpha software. In the Overview of Tor, http://tor.eff.org/overview.html.en, the "Why we need Tor" section states "It can even threaten your job and physical safety by revealing who and where you are. For example, if you're traveling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted." The same logic would apply to any military or government employees, dependent on local communications. The "Tor: The Second-Generation Onion Router" design document http://tor.eff.org/svn/trunk/doc/design-paper/tor-design.html mentions using SpamAssassin in section "6.2 Exit policies and abuse" on Tor exit nodes. I'm curious if the current default on exit nodes to block port 25 is a temporary expedient due to the very limited resources available to the Tor project? Do the developers hope at some point to be in a position to enable anonymous email through the Tor network, either by blocking individual spam messages at the exit, or blocking spam sources by IP address from the entry nodes? The latter should involve a much lower overhead, but at the risk of blocking legitimate users. Perhaps blocking only the better known, high volume spam sites would substantially reduce the load on the Tor network while minimizing the impact on legitimate users. George Shaffer
Re: "Practical onion hacking: finding the real address of Tor clients"
On Thu, 2006-10-26 at 15:05, Fabian Keil wrote: > George Shaffer <[EMAIL PROTECTED]> wrote: > > On Mon, 2006-10-23 at 08:22, Fabian Keil wrote: > > > George Shaffer <[EMAIL PROTECTED]> wrote: > > > > > > > . . . many web surfers, even > > > > knowledgeable ones, like the "rich" experience and are willing to > > > > sacrifice security and privacy for it. > > > > > > And they constantly get what they deserve. . . > > > > If a member of your family is sick with a contagious disease, and you > > tend to them, do you "deserve" to get the disease? It might be smarter > > to stay away and call a doctor, but perhaps you get infected before you > > knew a doctor was needed, or while waiting for the doctor, or can't > > afford a doctor. > > I fail to see the similarities between willingly sacrificing > security and privacy for '"rich" experience' and caring about > ones family. It may have been a poor analogy (I was thinking of computer viruses which suggested disease) but my objection is to the use of the word "deserve." Let's try a different one: people who leave their house doors unlocked don't deserve to be robbed or raped and people who leave their cars unlocked don't deserve to have their cars stolen. In each case the poor security increases the risk of the undesired results, but does not make these results likely. Failure to take good browser and system security precautions does not result in "constant" adverse results. I know two computer professionals, both of whom use Windows and have had high speed Internet connections for the past five years. The only precaution either takes is they are behind a NAT router (and may run an antivirus program). They have everything enabled in their IE browsers. Neither has ever experienced any disruptive experience, thought they may well have some adware or innocuous virus on their system. What is so often forgotten about malicious web attacks is that nearly all web operators have a large investment in their sites and malicious software hurts them as much or more as victim client computers. To go to a malicious site you need to encounter a site whose security has been compromised, be tricked into going to a site, be the victim of poisoned DNS, receive an email with a macro based Outlook virus that uses IE functionality, or deliberately browse fringe web sites. All can and do have adverse consequences, but are not a common part of most surfer's experiences. People who deserve to have bad things happen to them are criminals who are justly convicted. > > > Anyone interested whether or not your IP address is currently in use > > > only needs to do a port scan. > > > > Are you sure? By "stealth" I mean . . . > > If the target IP address is unused, the scanner gets an error > message send from the router located one hop before the target. > If the scanner doesn't get this error message, it's safe to > assume that the target system is running. By unused to you mean unassigned or will simply turned off result in such a message? I don't have enough computers to test this and know of no legal way to do so. I guess I have to take your word, though I've never heard this before. Perhaps someone could provide a URL that describes this. > > > And if you can't trust your firewall > > > enough to work in cases where someone knows that your IP address is > > > in use, you should get a firewall that actually works anyway. > > > > One might conclude, if one assumed these couple smart alec remarks > > represented your entire knowledge of firewalls, that you don't seem to > > know that once you open a port in a firewall to a server, e.g., Tor and > > port 80, that the firewall cannot protect that server. > > The packet filter can still protect all other ports and > increase the chances that the packets arriving at the Tor > running server are valid. The Tor server's host system can make sure > that a compromised Tor server doesn't cause too much damage. > As a OpenBSD user you will be aware of systrace, > other systems have similar tools. While I'm generally familiar with most of your points, and the one about a firewall only allowing valid packets is a good one, in the context of this discussion, your final sentence grates. Perhaps this comes from the way German translates to English, but it would be much easier to read "If you are not familiar with, then you should look up systrace" rather than saying "you will be aware of." If I ever knew it I've completely forgotten it. Looking at man, it does appear that it would be useful for controlling "developmental" software on a very secure OpenBSD system. The last time I checked, my recollection is that there are more than 600 commands on a minimal OpenBSD install, i.e., without misc, games or any of the X window components. Very few people will know all of them. The man pages are mostly quite good if you know the name of a command (or can find it with "-k") but there is no overview how-to documentation with OpenBSD that ties th