Re: Announce: amnesia Live system 0.4.2
Hi!

On Sat, Feb 13, 2010 at 12:45:18AM +0100, intrigeri wrote:
>Hannah Schroeter wrote (12 Feb 2010 23:13:51 GMT) :
>> However, my French is a bit lacking
>Fixed, thanks for the report.

Cool, I see it, also the language choice for those who actually prefer
French.

>> and the certificate problem is still there (konqueror doesn't
>> recognize it because of the cacert root certificate). (Curiously,
>> firefox *does* recognize it.)
>cacert's root CA can be imported into Konqueror.

Thanks for the hint, just did it (from the local root CA file which
firefox uses).

>[...]
>> PS: Are the older powerpc versions still worthwhile to seed?
>Well... AFAIK, they have never been tested on real hardware, I doubt
>they actually work, and we have never received any kind of user
>feedback about them. This is why no powerpc image was built for
>amnesia 0.4.x.

Ok.

>Curiously (?), this is also why I am in favour of doing anything that
>can help changing this state of things; including seeding these images
>=> they are tested => we get bug reports and can fix them.

Hmmm. I'm not sure. Why should people use pre-built binaries of *older*
versions if current source is available too... If I had a powerpc, I'd
use the source in that case (at least if it's really usable, as in I
don't have to invest a million of hours ;) of manual work to build).

But ok, perhaps others think differently, so people get to decide,
whichever gets downloaded most will get most of my upload bandwidth. :)

Kind regards,

Hannah.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Re: Announce: amnesia Live system 0.4.2
Hi!

On Fri, Feb 12, 2010 at 11:44:06PM +0100, intrigeri wrote:
>Hi,
>Hannah Schroeter wrote (10 Feb 2010 15:33:48 GMT) :
>> I don't see a *completely* automatic solution, and I didn't mean it
>> either. I meant things like announcing them by mail (and ensuring
>> that one doesn't need *too* frequent updates, as that would pose
>> additional workload on seed operators, as well as additional
>> download load to them, too).
>A low-traffic mailing-list [1] has been setup to answer this need.
>(It is actually a rss2email gateway for the amnesia news RSS feed.)
>Seeders, please consider subscribing to either this mailing-list or
>the RSS / Atom feed, in order to avoid seeding outdated versions.
>[1] https://boum.org/mailman/listinfo/amnesia-news

Good idea. However, my French is a bit lacking, and the certificate
problem is still there (konqueror doesn't recognize it because of the
cacert root certificate). (Curiously, firefox *does* recognize it.)

I still just subscribed it (probably pending confirmation).

Kind regards,

Hannah.

PS: Are the older powerpc versions still worthwhile to seed? Just
downloading amnesia-i386-gnome-0.4.2-20100207.torrent in order to keep
the client running to seed it.
Re: Announce: amnesia Live system 0.4.2
Hi!

Just checked a bit.

On Wed, Feb 10, 2010 at 11:13:05AM +0100, intrigeri wrote:
>Hannah Schroeter wrote (09 Feb 2010 21:26:07 GMT) :
>> 404 Not found for both the RSS and the Atom.
>oops, sorry, the correct links are:
>- RSS: https://amnesia.boum.org/torrents/rss/index.rss
>- Atom: https://amnesia.boum.org/torrents/rss/index.atom

They're right now.

>> Btw, if you want people to do something (keep seeds running),
>> perhaps make it less work for them. I.e. push principle instead of
>> pull principle (having to actively "poll" a feed on and off, no, I'm
>> not one of the RSS/... junkies anyway).
>Well, this would be great, but I don't know any way of pushing new
>.torrent files to seeds we don't manage ourselves; we need to research
>this, as solutions probably exist already. Any idea?

I don't see a *completely* automatic solution, and I didn't mean it
either. I meant things like announcing them by mail (and ensuring that
one doesn't need *too* frequent updates, as that would pose additional
workload on seed operators, as well as additional download load to them,
too).

>> One also has to follow quite many links from the start page (or the
>> download page) to finally actually *get* to the torrents. Perhaps
>> optimize the link depth?
>Ack, we will try to fix this.

Okay.

>> wget also complains about a certificate mismatch
>> $ wget
>> https://amnesia.boum.org/torrents/files/amnesia-i386-gnome-0.4.2-20100207.torrent
>> --22:25:04--
>> https://amnesia.boum.org/torrents/files/amnesia-i386-gnome-0.4.2-20100207.torrent
>>=> `amnesia-i386-gnome-0.4.2-20100207.torrent'
>> Resolving amnesia.boum.org... 204.13.164.189
>> Connecting to amnesia.boum.org|204.13.164.189|:443... connected.
>> ERROR: certificate common name `boum.org' doesn't match requested host
>> name `amnesia.boum.org'.
>> To connect to amnesia.boum.org insecurely, use `--no-check-certificate'.
>> Unable to establish SSL connection.
>Agreed, this is truly annoying.
>The certificate is actually valid: it has the *.boum.org wildcard
>listed in "Subject Alternative Name". Many clients, such as wget,
>don't understand such valid, though uncommon, certificates. I'll ask
>the webhost sysadmins to get a new certificate with amnesia.boum.org
>explicitly listed as a SubjAltName.

Okay. Staying tuned a bit.

Kind regards,

Hannah.
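The mismatch discussed in this message, as an added example (not code from the thread, from wget or from the amnesia project): a client that compares only the subject common name rejects amnesia.boum.org, while a check that consults the subjectAltName dNSName entries first accepts it. The `cert_names` struct and the certificate contents are constructed from the two names the thread mentions; the real certificate's full SAN list is not shown here.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_SAN 4

/* Constructed model of the two certificate fields that matter here. */
struct cert_names {
    const char *common_name;            /* subject CN */
    const char *san_dns[MAX_SAN + 1];   /* subjectAltName dNSName entries, NULL-terminated */
};

/* Compare one certificate name with the requested host, case-insensitively.
 * "*" is honoured only as the complete left-most label and stands for exactly
 * one label: "*.boum.org" covers "amnesia.boum.org", but neither "boum.org"
 * nor "a.b.boum.org". */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *rest = strchr(host, '.');
        if (rest == NULL || rest == host)
            return 0;
        return strcasecmp(pattern + 1, rest) == 0;
    }
    return strcasecmp(pattern, host) == 0;
}

/* What the failing client did: look at the common name and nothing else. */
static int check_cn_only(const struct cert_names *c, const char *host)
{
    return name_matches(c->common_name, host);
}

/* SAN-aware check: when dNSName entries exist they are authoritative and the
 * common name is ignored; the CN is a fallback only when there are none. */
static int check_san_first(const struct cert_names *c, const char *host)
{
    int i;

    if (c->san_dns[0] == NULL)
        return name_matches(c->common_name, host);
    for (i = 0; c->san_dns[i] != NULL; i++)
        if (name_matches(c->san_dns[i], host))
            return 1;
    return 0;
}

/* Constructed from the thread: CN "boum.org", SAN wildcard "*.boum.org". */
static const struct cert_names boum_cert = { "boum.org", { "*.boum.org", NULL } };

int main(void)
{
    const char *hosts[] = { "amnesia.boum.org", "boum.org", "a.b.boum.org" };
    size_t i;

    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-18s cn-only=%d san-first=%d\n", hosts[i],
               check_cn_only(&boum_cert, hosts[i]),
               check_san_first(&boum_cert, hosts[i]));
    return 0;
}
```

With this constructed certificate the SAN-first check rejects the bare `boum.org`, because a one-label wildcard does not cover the parent domain; listing each host name explicitly as a SAN, as proposed above, avoids both failures.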
Re: Announce: amnesia Live system 0.4.2
Hi!

On Tue, Feb 09, 2010 at 08:58:24PM +0100, intrigeri wrote:
>Hello,
>Timo Schoeler wrote (09 Feb 2010 18:45:25 GMT) :
>> That is very good to hear; however: is the torrent functional?
>> Download takes ages.
>It is, but we desperately lack seeds. Anyone, please help seeding
>amnesia if you're interested + can afford it. If you want to
>participate, please take care of always seeding the newest release:
>there's RSS[0] and Atom[1] feeds of the available Torrents to help
>being up-to-date.

404 Not found for both the RSS and the Atom.

Btw, if you want people to do something (keep seeds running), perhaps
make it less work for them. I.e. push principle instead of pull
principle (having to actively "poll" a feed on and off, no, I'm not one
of the RSS/... junkies anyway).

One also has to follow quite many links from the start page (or the
download page) to finally actually *get* to the torrents. Perhaps
optimize the link depth?

wget also complains about a certificate mismatch

$ wget https://amnesia.boum.org/torrents/files/amnesia-i386-gnome-0.4.2-20100207.torrent
--22:25:04--  https://amnesia.boum.org/torrents/files/amnesia-i386-gnome-0.4.2-20100207.torrent
           => `amnesia-i386-gnome-0.4.2-20100207.torrent'
Resolving amnesia.boum.org... 204.13.164.189
Connecting to amnesia.boum.org|204.13.164.189|:443... connected.
ERROR: certificate common name `boum.org' doesn't match requested host name `amnesia.boum.org'.
To connect to amnesia.boum.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

>[...]

So that was my part of the work when I tried to seed things for no
personal use.

Kind regards,

Hannah.
Re: default setting in pidgin
(Not quoting at all isn't much better, see the cited web pages. And see
how most people here *do* it.)

On Sun, Jan 24, 2010 at 05:26:55PM +, M wrote:
>Thanks, so back to my main question, is there any reason to leave the
>default settings how they are? Any harm in changing them?

Ask the pidgin developers and note that the *main* use case of pidgin is
probably *non*-anonymous IM where usually the host of users will *want*
to retain logs and would be surprised in a bad way if logs have *not*
been retained (and thus aren't recoverable). Removing logs later is
easier than recovering non-existent ones from that perspective.
Re: default setting in pidgin
On Sun, Jan 24, 2010 at 05:15:08PM +, M wrote:
>what is "top posting" ?

http://www.google.com/search?q=%22top+posting%22&ie=UTF-8&oe=UTF-8
Re: default setting in pidgin
Hi!

(Please don't top-post).

On Sun, Jan 24, 2010 at 04:07:05PM +, M wrote:
>The pidgin also has an OTR addon, so the point is also privacy along with
>anonymity, and one or the other or both will be compromised in case the usb
>is lost, discovered, left in someones device, etc...

Right. W/o OTR or something like that, you might have anonymity, but at
the price of being more easily attacked at malicious exit nodes.

>Anyways, yes, i can turn it off, but the hundreds of others may not explore
>the settings, or they may not even understand them.
>I fell the settings should be changed so that it does not log by default.

But even then, people really *needing* privacy must think for themselves
anyway. Other default settings may still not be taken as a sign that
things are already safe. And one must always be very conscious about
one's behavior. What does turning logging off help if one conveys
information about one's identity in the *content* of conversations, for
example?

Kind regards,

Hannah.
Re: default setting in pidgin
Hi!

On Sun, Jan 24, 2010 at 03:30:10PM +, M wrote:
>I was wondering why the default settings in Pidgin in the TOR-IM-Browser is
>set to* log chats and private messages*. I think this is quite contrary to
>the main purpose of TOR, which is anonymity, as it may very well be
>compromised if the if the USB, etc, falls into the other people's hands.
>Also, i dont think most people go into into the settings to change them, as
>they feel the setting are already optimized by the crew.

People who are really paranoid should check their things anyway. Either
log to a crypto partition or disable logging. Or if the aim of anonymity
is something different (like not being tracked by *outside* people), the
"risk" of local logging might not be in the scope of the threat model
anyway.

Kind regards,

Hannah.
Re: tor exit-node abused, takedown by ISP,
Hi!

On Sun, Jan 24, 2010 at 02:07:31AM +0100, Arian Sanusi wrote:
>Hi guys,
>draft of an email I intend to write to the DMCA-takedown sender (if you
>do not advise me of any better possibility the next 30 mins or so).
>> Dear Ladies and Gentlemen,
>> I am the operator of the server that was reachable under the IP
>> 188.40.178.66 that was accused for copyright infringements of material
>> which owner you represent. As you may noticed, there was a Tor exit
                                     ^^^
"may have" or "might have". Probably rather not, or do you think they
actually check for tor exits before sending out their
complaints/notices? (Ok, one thought would be yes they do and they still
send them out in order to scare people away from running tor nodes.)

>> node running on this computer by the time you noticed the
>> infringement. The infringement in question came from the tor network.
>> With participating in the Onion Router, both my ISP netcup.de and the
>> server behind the IP in question were acting as conduit. For this
>> situation, both german law ( §8 Telemediengesetz ) and US law (DMCA
>> 512). The "notice and takedown" provisions do not apply in this
       ^
This sentence no verb. (I'd suggest "have specific provisions".)

>> scenario, instead the "conduit" safe harbor scenario applies as of
>> DMCA 512(a) that has different and less burdensome requirements, as
>> the D.C. Circuit Court of Appeals held in RIAA v. Verizon (see
>> http://www.eff.org/legal/cases/RIAA_v_Verizon/opinion-20031219.pdf)
>> and the Eighth Circuit Court of Appeals confirmed in RIAA v. Charter
>> (see http://www.eff.org/IP/P2P/Charter/033802P.pdf).
>> Since the routing of traffic in the Onion Router is anonymous, I am
>> unable to provide you with Information about the individual possibly
>> beeing accountable for the infringement in question.
     ^
remove one 'e' here.

Note that for the relationship between you and your server colocation
provider, probably only German domestic law will apply.

You should check the Terms & Conditions (AGB) exactly for the
responsibilities you might assume there *in relation to your provider*,
§8 TMG notwithstanding, for example. (Of course, the Terms & Conditions
might be invalid in part, especially if it's a "consumer contract"
[Verbrauchervertrag], but that might be difficult legal matter, and I'm
not a lawyer, and even if I were, I would still not be entitled to give
you legal advice over a mailing list.)

Kind regards,

Hannah.
Re: How to get rid of this privoxy error?...
Hi!

On Mon, Jan 11, 2010 at 09:05:28PM +0530, emigrant wrote:
>i often get this error:
>This is Privoxy 3.0.9 on localhost (127.0.0.1), port 8118, enabled
>thank you very much...

Nothing else (a descriptive error string) on the whole page?

Kind regards,

Hannah.
Re: Trend Micro blocking Tor site?
Hi!

On Mon, Jan 11, 2010 at 01:01:35PM -0800, Seth David Schoen wrote:
>Flamsmark writes:
>> Can you attach the image, and send it to the list?
>I'm not sure that I want to start a precedent of people sending
>graphical attachments to this list. I put a copy of the image at
>http://www.loyalty.org/~schoen/capture.gif

Good idea. Thanks for not posting it as attachment.

>The text translates as "Blocked by Trend Micro / Trend Micro
>Internet Security has identified this Web page as undesirable.
>Address: ... Credibility: Dangerous / To visit this blocked
>page anyway:" following by directions for how to override the
>block in Trend Micro's user interface.

I don't know that "Trend Micro" thing. Would it be bad (privacy
implications or whatever) if you (or someone you can ask to do it) hit
the very last button, which seems to read to me like "notify Trend Micro
that they blocked it wrongly"?

Kind regards,

Hannah.
Re: Trend Micro blocking Tor site?
Hi!

On Mon, Jan 11, 2010 at 03:54:35PM -0500, Flamsmark wrote:
>2010/1/11 Seth David Schoen
>> > I can forward the screenshot to anyone interested.
>Can you attach the image, and send it to the list?

Please not. Host it somewhere and post the link instead. There's plenty
of free image hosting websites, IIRC at least some of them where
reasonable (not too ad/spy infested) links can be derived.

Kind regards,

Hannah.
Re: US Customers: anyone helping me?
Hi!

On Tue, Dec 08, 2009 at 06:07:03AM -0600, Scott Bennett wrote:
>[...]
> Uh...hmmm...on what basis does Sun claim generation of "true" random
>numbers? Unless it includes a sample of some radioisotope and a timestamping
>particle detector, why would hardware/firmware RNG output be any less
>pseudo-random than software RNG output would?

IIRC another possible source is the random noise on a resistor or
something like that. That might not be uniform first, but with
appropriate transformations applied afterwards...

Kind regards,

Hannah(s).
Re: Tor: Scroogle blocked, Google not ? (November 2009)
Hi!

On Sun, Nov 22, 2009 at 10:49:59PM +, dreamcat four wrote:
>The past few days I've noticed that all http requests to
>https://ssl.scroogle.org have invariably failed.
>[...]

After a few tries, it worked for me (FoxyProxy, NoScript though, no
TorButton in the profile I used). The first few tries, though, yielded a
*firefox* generic error message (oh, I "like" those, no real error
reason message...), no Privoxy one!

Kind regards,

Hannah.
Re: How can I set going more one Tor daemons?
Hi!

On Sat, Aug 15, 2009 at 09:09:52PM -0400, Ringo wrote:
>"Cover traffic is only there if the tor instance(s) also run as relay."
>I was talking about clients, not servers just to clarify. If multiple
>Tor instances are running in client mode (or even in one instance, if
>there's a lot of traffic), it becomes harder to do traffic analysis and
>pin one circuit to one user.
>Am I mistaken in that conclusion?

I think you are indeed. If you run the instances as client only, there's
no cover traffic, just the traffic of the different users. If you run
separate tor instances, their circuits (first hop) are necessarily on
different TCP connections, so their different usage patterns will show
separately.

If you run one tor instance for all users, they might use the same entry
guard together, multiplexing the different usages onto one TCP
connection to the same entry guard. That hides the usage patterns by
adding them together, IMO. The second hop then might split up or not,
depending on needs, and even more so the third hop (from the second to
the exit node, where the dependency on the exit policies comes to play a
role).

I don't know/remember whether tor relays in turn multiplex traffic
"received" from different clients together for the next hop if possible
(i.e. different clients using the same entry guard and the same second
hop, mixing/multiplexing that traffic onto the same TCP connection). If
so that would yield even more anonymity, but only if the different users
use the same second hop at the same time (and switching over to
different circuits at the same time).

Kind regards,

Hannah.
Re: How can I set going more one Tor daemons?
Hi!

On Sat, Aug 15, 2009 at 07:05:56PM -0400, Ringo wrote:
>>Running more than one sounds like a loss of some of the anonymity to
>>me, particularly if each user specifies different lists of nodes to be
>>used for various purposes.

[repaired quoting style.]

>If anything, it seems to me like running multiple instances (using
>default settings, nodes, etc.) would gain a user more anonymity as they
>would gain more cover traffic. Thoughts?

Cover traffic is only there if the tor instance(s) also run as relay. In
that case to be fair they should be declared a family. And then, one
could also run *one* tor node for all users with the appropriate
multiple of the allowed bandwidth, which should attract about the same
cover traffic as if you run a tor instance per user with less bandwidth
per instance.

>Ringo

Kind regards,

Hannah.
Re: Yahoo Mail and Tor
Hi!

On Thu, Jul 09, 2009 at 01:47:39AM -0500, Scott Bennett wrote:
>[...]
> If you're running NetBSD or OpenBSD, you may be able to do something
>similar, but I'm not familiar with their methods. (Perhaps Hannah could
>give an OpenBSD example here, please?)

For OpenBSD, the recommended way is using the pre-built packages. If you
are on a release, use the release packages from CD or the release
directories on the ftp mirrors. If you are on -current (snapshots or own
build, usually after starting from a snapshot), you use packages from
the associated package snapshot directory.

The packages can be built from the ports collection. You get the ports
collection from CD (for release) or from ftp (for release) or via any of
the cvs-related access methods (for release/stable, or for -current).
Match the ports "branch" to what you run as base system, of course.
release/stable ports for a release/stable base system, -current ports
for a snapshot/-current base system.

For ports, you build the package by entering the appropriate directory
(e.g. /usr/ports/net/tor) and saying make package. The package is built
in /usr/ports/packages//all/tor-.tgz. You can also say "make install",
which is make package + pkg_add for the package so generated. Ditto for
polipo or privoxy (both of which are provided as package and port).

The ports infrastructure might need ftp/http access to retrieve the
source distributions of the original software, but you may retrieve the
appropriate files manually and put them into /usr/ports/distfiles/ if
automatic fetching fails. (Try make fetch-list in /usr/ports/... to get
the list of files the port would try to fetch).

Kind regards,

Hannah.
Re: Hetzner
Hi!

On Thu, Jun 18, 2009 at 05:52:08AM +0200, Timo Schoeler wrote:
> So am I, running a middle node. However, for months now I'm thinking of
> reverting it to an exit node as the situation that everyone runs a
> middle node, but no one dares to run an exit node just lets TOR die.

Hidden services will run very fine with only middleman and bridge nodes.

Kind regards,

Hannah.
Re: Hetzner
Hi!

On Thu, Jun 18, 2009 at 08:19:03AM +0200, Timo Schoeler wrote:
> That's more than true; however, I just wanted to show (and thusly,
> prepare for action in consequence) that (especially) German ISPs will be
> much more rigid from now on.

Any other countries really better? The rest of the EU either *has moved*
or will be moving to the same direction, as much of the shit comes
from/via the EU (e.g. data retention). The US have their own problems
(e.g. DMCA, e.g. extra-legal surveillance, being de facto legalized in
hindsight by an amnesty for the eavesdroppers, e.g. worse privacy
protection laws to begin with).

Kind regards,

Hannah.
Re: Hetzner
Hi!

On Wed, Jun 17, 2009 at 05:11:36PM +0200, Sören Weber wrote:
>On Wed, Jun 17, 2009 at 4:53 PM, Hannah Schroeter wrote:
>>>he says it'd be possible that Hetzner will forbid the use of TOR nodes by
>>>their policy.
>> Did he mean any kind tor nodes or tor exits?
>I don't think that he had the knowledge about the differences of
>nodes. As far as he told me, he just contacted those people with a
>high amount of copyright infringements - so only exit nodes are the
>real problem for him.

Ok, I understand.

>>>I tried to explain that his company's image could benefit from
>>>just acting for freedom of speech and against censorship (by not
>>>stopping TOR nodes). Hopefully that'll be heard.
>> Hope so too. Perhaps also tell him about the role of tor in the recent
>> uprises in the Iran.
>Thanks for that suggestion! I'll try to get this pointed out in the
>conversation.

You're welcome.

>Greetings,
>Sören

Kind regards,

Hannah.
Re: Hetzner
Hi!

On Wed, Jun 17, 2009 at 04:40:09PM +0200, Sören Weber wrote:
>this morning I got a call from my hosting provider Hetzner (in
>Germany) and had a nice conversation with a guy who is handling the
>abuse mails. He wondered what was running on those 12 servers (that's
>a number he told me) which receive ~1 copyright-infringement mail per
>day. He just wanted to warn me (and I want to warn you ;-) about the
>fact that he wants to tell the management about the "problems" of
>these servers (high traffic, maybe bad image for the company); he says
>it'd be possible that Hetzner will forbid the use of TOR nodes by
>their policy.

Did he mean any kind of tor nodes or tor exits?

>He also asked for an in-depth explanation of TOR, which I just sent
>him. I tried to explain that his company's image could benefit from
>just acting for freedom of speech and against censorship (by not
>stopping TOR nodes). Hopefully that'll be heard.

Hope so too. Perhaps also tell him about the role of tor in the recent
uprisings in Iran.

>It's not that important yet as there are other providers out there,
>but that could start a trend, especially when put under pressure by
>the German government.

Definitely.

>Greetings,
>Sören

Kind regards,

Hannah.
Re: google cookie
Hi!

On Wed, Jun 03, 2009 at 12:02:33PM +0200, Karsten N. wrote:
>I have a question about google cookies and tor hidden services.
>[...]

So after the reason has been explained, just setup firefox to ask for
all cookies (and deny google its "we track users for ages" cookie).

Kind regards,

Hannah.
Re: A tor error message prior to crash
Hi!

On Wed, May 13, 2009 at 03:23:23PM +0200, Ruben Garcia wrote:
>I've been using
>while [[1]]; do restart software; sleep 60; done
>for programs with memory leaks or other stability problems (not for tor,
>since it works fine for me).
>Of course, that means connections will die every few hours, but
>persistent connections will only hit your node every now and then.
>If you are not babysitting the node anyway, a downtime of a couple
>minutes every now and then won't hurt you.
>P.S. I'm not very sure about the bash syntax, so check it if you find it
>useful.

  while true; do
    foo
    sleep 3600
  done

would repeat foo every 1h. But then, you could instead enter foo in an
appropriate crontab.

That's what I did:

  * * * * * /usr/local/sbin/tor-check

in root's crontab

  # cat /usr/local/sbin/tor-check
  #! /bin/sh
  pgrep -x tor >/dev/null || /etc/init.d/tor start

(Linux specific; pgrep is already available on some other systems, too,
but then starting tor would be done a bit differently.)

Kind regards,

Hannah.
Re: Some Bones to Pick with Tor Admins
Hi!

On Wed, Feb 11, 2009 at 08:16:08PM -0500, Praedor Atrebates wrote:
>Bit of a problem there (with long text lines). If I want to be able to send
>http links to friends/
>colleagues/family, I have to turn off the new line feature in my email client
>and allow end-user
>email clients deal with formatting (all too often, if you have
>auto-formatting/new lines setup,
>you will totally bork http links).

Huh? If you wrap lines only at whitespace, http links are not wrapped,
even with automatic line wrapping. And if you hit return before the line
gets 72 characters long (and not only at about 100 characters!), it's no
problem either.

>[...]

Kind regards,

Hannah.
Re: Need help with MPAA threats
Hi!

On Mon, Dec 15, 2008 at 09:04:55AM +0100, David Kammering wrote:
>[...]
>After all, a running Exitnode relaying on the "standard" ports like HTTP
>seems to be (for me) better than a completely switched off node because
>of legal troubles regarding file sharing.

But in the end, the situation is all the same for HTTP(S) as for BT. BT
can (and *is*) used for legal content. E.g. I've already pulled (and
redistributed, i.e. contributed) OpenBSD *legally* via bittorrent (of
course not via tor). OTOH, you can use http(s) for illegal content, too.
Especially via ssl.

And, if I see things right, the bandwidth argument doesn't compute.
IIRC, only the client<->tracker traffic is relayed via tor, and that's
not the mass traffic of the actual big files. That's different when you
pull big files via http(s) which you keep allowing (and big files also
encompasses just bloated web sites with tons of inline and background
images, or even flash stuff or whatever).

Kind regards,

Hannah.
Re: Tor TransPort on OpenBSD?
Hi!

On Sun, Aug 10, 2008 at 05:55:59PM -0500, Scott Bennett wrote:
> Perhaps OpenBSD works differently in this regard, but in FreeBSD the
>above will only last until the next reboot because the /dev directory is
>cleared and repopulated during initialization according to the devices
>found during kernel autoconfiguration. To make such changes each time
>the system boots, IIRC, one must make the appropriate changes to
>/boot/device.hints (see device.hints(5)).

OpenBSD has classical MAKEDEV style handling of /dev. However,
non-standard protections might be clobbered when you upgrade.

A better fix would indeed be opening /dev/pf before dropping privileges.
And the gold standard would be separating /dev/pf operations out into a
separate process, that drops root anyway, but keeps the /dev/pf file
descriptor and offers only those /dev/pf operations to the main process
that are really needed instead of making *all* /dev/pf operations
available to the main process. (Privilege separation.)

Kind regards,

Hannah.
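The privilege-separation layout described in the last paragraph of this message, as an added example (not Tor's or OpenBSD's code): the device is opened while still privileged, a forked helper keeps the descriptor and serves a single request type over a socketpair, and both processes drop root. A temporary file stands in for /dev/pf and a record read stands in for the one device operation the main process needs; `OP_LOOKUP`, the record format and the id 65534 are assumptions of the example.

```c
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define REC_LEN 16                       /* record size in the stand-in device */
enum { OP_LOOKUP = 1 };                  /* the only request the helper serves */
enum { ST_OK, ST_DENIED, ST_FAILED };    /* reply status codes */
struct request { uint32_t op, index; };
struct reply { uint32_t status; char data[REC_LEN + 1]; };

/* Drop root for good (id is used as uid and gid); no-op if already id. */
static int drop_to(uid_t id)
{
    if (geteuid() == id)
        return 0;
    return (setgroups(0, NULL) || setgid((gid_t)id) || setuid(id)) ? -1 : 0;
}

/* Helper: owns the device descriptor and answers OP_LOOKUP, nothing else. */
static void helper_loop(int dev, int sock)
{
    struct request rq; struct reply rp;
    while (read(sock, &rq, sizeof rq) == (ssize_t)sizeof rq) {
        memset(&rp, 0, sizeof rp);
        if (rq.op != OP_LOOKUP)
            rp.status = ST_DENIED;       /* every other operation is refused */
        else if (pread(dev, rp.data, REC_LEN, (off_t)rq.index * REC_LEN) != REC_LEN)
            rp.status = ST_FAILED;
        if (write(sock, &rp, sizeof rp) != (ssize_t)sizeof rp)
            break;
    }
    _exit(0);                            /* peer closed the socket */
}

/* dev was opened while still privileged. Fork the helper that keeps it, drop
 * root in both processes, return the main process's socket to the helper. */
static int privsep_start(int dev, uid_t run_as)
{
    int sv[2]; pid_t pid;
    if (dev < 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        close(sv[0]);
        if (drop_to(run_as) != 0)
            _exit(1);
        helper_loop(dev, sv[1]);
    }
    close(sv[1]);
    close(dev);                          /* the main process never keeps the device */
    return drop_to(run_as) == 0 ? sv[0] : -1;
}

/* Main-process side: one request; returns the helper's status or -1. */
static int privsep_call(int sock, uint32_t op, uint32_t index, char *out)
{
    struct request rq = { op, index };
    struct reply rp;
    if (write(sock, &rq, sizeof rq) != (ssize_t)sizeof rq ||
        read(sock, &rp, sizeof rp) != (ssize_t)sizeof rp)
        return -1;
    memcpy(out, rp.data, sizeof rp.data);   /* REC_LEN bytes plus the NUL */
    return (int)rp.status;
}

/* Constructed stand-in for /dev/pf: an unlinked temp file with two records. */
static int open_sample_device(void)
{
    char path[] = "/tmp/privsep-XXXXXX";
    int fd = mkstemp(path);
    if (fd >= 0 && unlink(path) == 0)
        dprintf(fd, "%-16s%-16s", "10.0.0.1:80", "192.0.2.7:443");
    return fd;
}

int main(void)
{
    char out[REC_LEN + 1] = "";
    uid_t run_as = geteuid() ? geteuid() : 65534;  /* 65534: assumed unprivileged id */
    int sock = privsep_start(open_sample_device(), run_as);
    printf("lookup 1: status %d\n", privsep_call(sock, OP_LOOKUP, 1, out));
    printf("record:   \"%s\"\n", out);
    printf("op 99:    status %d\n", privsep_call(sock, 99, 0, out));
    return sock < 0;
}
```

A compromised main process in this layout can ask only for lookups; it has no descriptor on which to issue any other device operation.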
Re: Bad exit?
Hi!

On Sat, May 03, 2008 at 08:14:55PM +0200, Steffen Schoenwiese wrote:
>I've encountered strange behavior using the exit node
>f36a9830dcf35944b8abb235da29a9bbded541bc. It seems to inject random stuff (JS,
>ads, porn) into the resulting pages. Can anyone verify this? Give it a try at
>some simple page and view the source. At http://www.sschoenwiese.de the source
>should look like this:
>
>
>Test
>
>
>Hello World
>
>

It does.

>Using f36a9830dcf35944b8abb235da29a9bbded541bc as exit it is for example
>something like that:
>
>
>Test
>
>http://www.google-analyti

I got an empty result when trying to fetch
http://www.sschoenwiese.de.f36a9830dcf35944b8abb235da29a9bbded541bc.exit/
(Was that a wrong way to try to select that particular exit node?)

Ditto when trying another exit node particularly:
http://www.sschoenwiese.de.awesomelikeahotdog.exit/ (empty result)

When I let tor decide on the exit node, i.e. fetched
http://www.sschoenwiese.de/ via tor/privoxy, I got