Re: Some Bones to Pick with Tor Admins
On Thu, 12 Feb 2009 07:12:22 -0500 Praedor Atrebates top-posted: >The recommend for NOT word wrapping (and allowing the end client handle it) >came >from one of the only groups that matter: a linux group. Ah, I see. LINUX bigotry somehow justifies your position that everyone on a mailing list should use whatever practices they want without regard for compatibility with the rest of the list's subscribers because all other subscribers should magically be aware of your choice of software and usage and comply with your choice, not to mention have authority to install such software on systems where they get email, rather than use that greatest common factor of all mail interfaces, plain ASCII text. > >One's email client should handle formatting for display, or have the >capability, >or it is broken or poorly designed or written in dinosaur days. Fine. You top-post, too, so I should never have bothered to read, much less respond to, your message in the first place. I'll avoid that mistake with your postings in the future. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Some Bones to Pick with Tor Admins
Hi, > blah blah blah mail client blah blah blah Could you please take this pointless discussion the f*** out of this mailing list? Thanks! Marco
Re: Some Bones to Pick with Tor Admins
The recommend for NOT word wrapping (and allowing the end client handle it) came from one of the only groups that matter: a linux group. One's email client should handle formatting for display, or have the capability, or it is broken or poorly designed or written in dinosaur days. On Thursday 12 February 2009 06:36:09 Hannah Schroeter wrote: > Hi! > > On Wed, Feb 11, 2009 at 08:16:08PM -0500, Praedor Atrebates wrote: > >Bit of a problem there (with long text lines). If I want to be able to > > send http links to friends/ colleagues/family, I have to turn off the new > > line feature in my email client and allow end-user email clients deal > > with formatting (all too often, if you have auto-formatting/new lines > > setup, you will totally bork http links). > > Huh? If you wrap lines only at whitespace, http links are not wrapped, > even with automatic line wrapping. And if you hit return before the > line gets 72 characters long (and not only at about 100 characters!), > it's no problem either. > > >[...] > > Kind regards, > > Hannah. -- "An imbalance between rich and poor is the oldest and most fatal ailment of all republics." --Plutarch
Re: Some Bones to Pick with Tor Admins
Hi! On Wed, Feb 11, 2009 at 08:16:08PM -0500, Praedor Atrebates wrote: >Bit of a problem there (with long text lines). If I want to be able to send >http links to friends/ >colleagues/family, I have to turn off the new line feature in my email client >and allow end-user >email clients deal with formatting (all too often, if you have >auto-formatting/new lines setup, >you will totally bork http links). Huh? If you wrap lines only at whitespace, http links are not wrapped, even with automatic line wrapping. And if you hit return before the line gets 72 characters long (and not only at about 100 characters!), it's no problem either. >[...] Kind regards, Hannah.
Re: Some Bones to Pick with Tor Admins
On Wed, 11 Feb 2009 20:16:08 -0500 Praedor Atrebates top-posted: >Bit of a problem there (with long text lines). If I want to be able to send >http links to friends/ >colleagues/family, I have to turn off the new line feature in my email client >and allow end-user >email clients deal with formatting (all too often, if you have >auto-formatting/new lines setup, >you will totally bork http links). Well, mailing list postings should not assume that subscribers to the list use any particular email reader. The best way to do that is to use plain, ASCII text for mailing list postings. > >What client are you using that is causing a problem? Mutt? > I am using mailx(1), but the cause of the problem is at your end, not here. You are the one posting entire paragraphs on single lines, after all, not I. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Some Bones to Pick with Tor Admins
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Praedor Atrebates wrote: (snip) > If you have SE on > something, it is sure as hell you aren't running anything demanding > on it (by modern Homo sapiens standards). SE dates back to the Homo > erectus period. (snip) LMAO! =xoD - -- F. Fox Owner of Tor node "kitsune" http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBCAAGBQJJk6E1AAoJECxKjnsrYHNHGLEQALflbvDVO2hHFXwu8jEgiW4v m0kTxmtVDnMLXru0LfuT1RDbA+oTkZvGMTztSbbJtNlJFT/flPe4T+i2MnFHWTUd TN++4a2sa+lFwygUjM2QG4mYZOnPZ0MnZPN5mb8brLbxdL4Ym/sy5EXBfMUpXizX WsqUALP9OoRwpYWvqFn5sUbEIN+lS5ujGgj/KOUjfEQUvk9VQg4i9YTD7t35BXY6 0WloW6QcTXcbjAATcoRa100POTjyom6+sL/K8Xxo5WOBd6rvxuGwGHBKmyX692sL l0nLhLwVtz8DCfJ9x0OluhUoCBJL/+IVtHeh+PoY8Rl0lLDe3AgO24RXDMty6YGr ceLtRaSEg2L3ydeSqGZ8oeHTBwoOtwJNSh5826O+kCTo9OO8SfW7iiTKD9uJi7Lp fwhZlT4wUSjGSTCases24t9kmx570qclLltdaTG0OoSglvk0GS6M1lvStdjPzd7Y B8NF052PT7EpAqKacKFGxdY6YGCSccEO/7b9HBmp2gv5qSIFsp08LmI+vaiZDj9P vU0X+OygVLsxThNIdVEODk0HJjcHDOsfBrO13Wxrw49IXdzgwCScCnpR/HIu4iaI tMFGK3RRG6vMxvEjwkZ//dg7Y3c7g+Fxgj0QY+vKaimKJGauKh0c1ukCCxVPV4X8 zBBuYpXjxhuHIg2AGG9s =jbcw -END PGP SIGNATURE-
Re: Some Bones to Pick with Tor Admins
Bit of a problem there (with long text lines). If I want to be able to send http links to friends/ colleagues/family, I have to turn off the new line feature in my email client and allow end-user email clients deal with formatting (all too often, if you have auto-formatting/new lines setup, you will totally bork http links). What client are you using that is causing a problem? Mutt? On Wednesday 11 February 2009 19:48:41 Scott Bennett wrote: > On Wed, 11 Feb 2009 07:49:05 -0500 Praedor Atrebates > top-posted: > >Looks like I may have to create a procmail filter to pre-dump posts. > > > >Money may be tight now (for lots of peeps) but one should be able to acquire > >a much more modern windoze for virtually nothing. SE? SE?!!! Why not run > >win95? Or 3.5? > > > >If you are REALLY hurting for money: LINUX! Download and install a free > >version - pick a distro. ANY modern linux will do much more than SE can, > >you wont miss anything but viruses and trojans (though anyone foolish enough > >to still run SE doesn't give a f*ck about the trojans and other hacks part > >of the equation). If you have SE on something, it is sure as hell you aren't > >running anything demanding on it (by modern Homo sapiens standards). SE > >dates back to the Homo erectus period. > > Do you suppose you could avoid putting entire paragraphs onto single > lines of text? > LINUX is certainly an option, but don't forget the BSDs. FreeBSD 7, for > example, is very fast. For those with multi-CPU or multi-cored CPUs, FreeBSD > 7 > and 8-CURRENT have the *only* efficient kernels for heavy CPU loads. (See > http://www.freebsd.org.) PC-BSD 7 is a particular packaging of FreeBSD 7 that > is especially designed to be newbie-friendly. (See www.pcbsd.org.) > In any case, there is simply no excuse for running tor on unsafe > operating > systems that no longer get security updates. If the OP would identify his > tor relay by nickname or key fingerprint, I would be happy to add it to my > ExcludeNodes list for my own protection. Also, a machine like the one > described by the OP cannot contribute much data rate capacity to the tor > network anyway, so if he were to take it offline permanently, it would be no > great loss to the tor community and would have the benefit of removing an > unsafe relay from the network. > > > Scott Bennett, Comm. ASMELG, CFIAG > ** > * Internet: bennett at cs.niu.edu * > ** > * "A well regulated and disciplined militia, is at all times a good * > * objection to the introduction of that bane of all free governments * > * -- a standing army." * > *-- Gov. John Hancock, New York Journal, 28 January 1790 * > ** > > -- "An imbalance between rich and poor is the oldest and most fatal ailment of all republics." --Plutarch
Re: Some Bones to Pick with Tor Admins
On Wed, 11 Feb 2009 07:49:05 -0500 Praedor Atrebates top-posted: >Looks like I may have to create a procmail filter to pre-dump posts. > >Money may be tight now (for lots of peeps) but one should be able to acquire a >much more modern windoze for virtually nothing. SE? SE?!!! Why not run >win95? Or 3.5? > >If you are REALLY hurting for money: LINUX! Download and install a free >version - pick a distro. ANY modern linux will do much more than SE can, you >wont miss anything but viruses and trojans (though anyone foolish enough to >still run SE doesn't give a f*ck about the trojans and other hacks part of the >equation). If you have SE on something, it is sure as hell you aren't running >anything demanding on it (by modern Homo sapiens standards). SE dates back to >the Homo erectus period. Do you suppose you could avoid putting entire paragraphs onto single lines of text? LINUX is certainly an option, but don't forget the BSDs. FreeBSD 7, for example, is very fast. For those with multi-CPU or multi-cored CPUs, FreeBSD 7 and 8-CURRENT have the *only* efficient kernels for heavy CPU loads. (See http://www.freebsd.org.) PC-BSD 7 is a particular packaging of FreeBSD 7 that is especially designed to be newbie-friendly. (See www.pcbsd.org.) In any case, there is simply no excuse for running tor on unsafe operating systems that no longer get security updates. If the OP would identify his tor relay by nickname or key fingerprint, I would be happy to add it to my ExcludeNodes list for my own protection. Also, a machine like the one described by the OP cannot contribute much data rate capacity to the tor network anyway, so if he were to take it offline permanently, it would be no great loss to the tor community and would have the benefit of removing an unsafe relay from the network. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Some Bones to Pick with Tor Admins
Looks like I may have to create a procmail filter to pre-dump posts. Money may be tight now (for lots of peeps) but one should be able to acquire a much more modern windoze for virtually nothing. SE? SE?!!! Why not run win95? Or 3.5? If you are REALLY hurting for money: LINUX! Download and install a free version - pick a distro. ANY modern linux will do much more than SE can, you wont miss anything but viruses and trojans (though anyone foolish enough to still run SE doesn't give a f*ck about the trojans and other hacks part of the equation). If you have SE on something, it is sure as hell you aren't running anything demanding on it (by modern Homo sapiens standards). SE dates back to the Homo erectus period. On Tuesday 10 February 2009 20:42:27 Ringo Kamens wrote: > Don't feed the trolls people. > > Michael G. Reed wrote: > > On Tue, 10 Feb 2009 mark485ander...@eml.cc wrote: > > |> no need also to upgrade from 98se, except tor developers are too lazy to > > |> code properly. > > > > You know, Tor is open sourceyou can go fix the damn bugs yourself > > if they are so important to you and your antiquated setup. If you > > weren't being such an ass-hat in the way you are DEMANDING support > > while insulting the developers and not even so much as filing a > > quasi-readable bug report, people might actually be willing to help > > you. I tend to bet that most folks on this list wrote you off with > > your very first email...and with good reason. Just my $0.02. > > > > -Michael > > > > > > -- "An imbalance between rich and poor is the oldest and most fatal ailment of all republics." --Plutarch
Tor on win98 [was Re: Some Bones to Pick with Tor Admins]
On Tue, Feb 10, 2009 at 04:51:42PM -0700, mark485ander...@eml.cc wrote: > Maybe not many users because Tor's last two versions are buggy and don't > allow them to use it? Still plenty of 98se users out there and I have 3 > browsers now that can use tor safely. course they will not work on .33 > and .34 because tor developers do not adequately test or code their > program. > This is a simple matter, no great task. Maybe they are just lazy? Dear Mark, I remember back in 2005 when Tor broke on windows 95 for you. Back then, you didn't call us names. Instead, you told us what errors you were getting, which versions worked for you and which didn't, and helped debug the problem. That worked out great, IMO. Here's the thread: http://archives.seul.org/or/talk/Aug-2005/msg00099.html As Roger noted, we are perfectly glad to keep Tor working on older and stranger platforms than yours. Heck, we've taken patches to get Tor working on IRIX and AIX. And you don't need to be able to write code to contribute! If a win98 user with decent debugging skills (you?) would like to help us figure out what exactly broke Tor on win98, I would be glad to try to help figure out what's needed to fix it. To be clear, you're saying that 0.2.0.32 worked, but 0.2.0.33 didn't? And you're saying that there is no useful error message, just a crash with a GPF message? One very interesting part of your first message was when you said, "not within vidalia." (If anybody else has a copy of win98 they can fire up, and they want to help track this down, then the more the merrier. Alternatively, it might be useful for somebody who knows windows history to look through the code that changed between the affected versions, or to look at any changes in the build methodology between the affected versions, or such.) BTW: Please knock it off with the insults. They don't make me develop any better or faster, and they don't make the list a better place. yrs, -- Nick
Re: Some Bones to Pick with Tor Admins
On Tue, Feb 10, 2009 at 04:58:31PM -0700, mark485ander...@eml.cc wrote 1.8K bytes in 55 lines about: : exactly, no need for tor button. : no need also to upgrade from 98se, except tor developers are too lazy to : code properly. And win98se users are too lazy to file proper bug reports. You've hinted 0.2.0.32-stable worked in win98se. We have a fine lazy bug tracker at https://bugs.torproject.org/. Lazy users could file a lazy bug report with some lazy details and us lazy developers and lazy packagers will get around to looking and fixing the bugs; albeit lazily. Including some lazy details with lazy log snippets would be fantastically lazy. I think your bone to pick is with Tor developers, not Admins. But clearly laziness won over corrections. -- Andrew
Re: Some Bones to Pick with Tor Admins
On Tue, 2009-02-10 at 22:26 -0500, Nick Mathewson wrote: > On Tue, Feb 10, 2009 at 06:24:27PM -0500, Ted Smith wrote: > > On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA1 > > > > > > It absolutely would. Here are some things TorButton defends against that > > > wouldn't be covered in your scenario: > > > > > > 1. Unauthenticated Updates > > > 2. CSS Tracking (I think it does anyways) > > > 3. Flash and auto-opening of files > > > 4. Browser referral and user-agent tracking > > > > > > Ringo > > > > > To be fair, though, 1, 3, and 4 could be configured away in default > > FireFox. Updates can be disabled, flash can be removed, files can be set > > to "ask", referrals can be disabled, and UA can be modified in firefox > > or in Privoxy. > > As Martin notes, privoxy won't modify your SSL connections for you. > > Torbutton protects against many other attacks that regular Firefox > configuration can't protect you against, too. See the Torbutton > design document at https://www.torproject.org/torbutton/design/ for a > more full list. > The only things I see in the "Adversary Attacks" section that could be an issue are fingerprinting attacks, and of course exploitation. What am I missing? And is there any way to get the benefits of Torbutton without any of the state-saving aspects? Like the previous poster, I have a separated Firefox profile I use for Tor, so separation of Tor and non-Tor state isn't an issue for me. What would it take to split off the filtering/hardening aspects of Torbutton from the state-watching part, and just have an independent anonymity-enhancing addon? I'd rather not trust one piece of software with all of my anonymity, so I want to keep my system separated the old-fashioned way, with plugins/cache/history/cookies/javascript that could be used against me. This way, even if Torbutton fails, I still have a modicum of safety against some attacks. My configuration passes the decloak engine test with flying colors, though I understand that's nowhere near comprehensive... ;) signature.asc Description: This is a digitally signed message part
Re: Some Bones to Pick with Tor Admins
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael G. Reed wrote: > On Tue, 10 Feb 2009 mark485ander...@eml.cc wrote: > |> no need also to upgrade from 98se, except tor developers are too lazy to > |> code properly. > > You know, Tor is open sourceyou can go fix the damn bugs yourself > if they are so important to you and your antiquated setup. If you > weren't being such an ass-hat in the way you are DEMANDING support > while insulting the developers and not even so much as filing a > quasi-readable bug report, people might actually be willing to help > you. I tend to bet that most folks on this list wrote you off with > your very first email...and with good reason. Just my $0.02. > > -Michael > " I tend to bet that most folks on this list wrote you off with your very first email.. " I know I did. Jon -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmSSRgACgkQ6+ro8Pm1AtWlKACgiD8iQrTrRa1sOI6EfgyPrcAH Go0AoK6akFB6gs86uviFVWuWWXqYEns/ =MH84 -END PGP SIGNATURE-
Re: Some Bones to Pick with Tor Admins
On Tue, Feb 10, 2009 at 06:24:27PM -0500, Ted Smith wrote: > On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > It absolutely would. Here are some things TorButton defends against that > > wouldn't be covered in your scenario: > > > > 1. Unauthenticated Updates > > 2. CSS Tracking (I think it does anyways) > > 3. Flash and auto-opening of files > > 4. Browser referral and user-agent tracking > > > > Ringo > > > To be fair, though, 1, 3, and 4 could be configured away in default > FireFox. Updates can be disabled, flash can be removed, files can be set > to "ask", referrals can be disabled, and UA can be modified in firefox > or in Privoxy. As Martin notes, privoxy won't modify your SSL connections for you. Torbutton protects against many other attacks that regular Firefox configuration can't protect you against, too. See the Torbutton design document at https://www.torproject.org/torbutton/design/ for a more full list. -- Nick
Re: Some Bones to Pick with Tor Admins
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Don't feed the trolls people. Michael G. Reed wrote: > On Tue, 10 Feb 2009 mark485ander...@eml.cc wrote: > |> no need also to upgrade from 98se, except tor developers are too lazy to > |> code properly. > > You know, Tor is open sourceyou can go fix the damn bugs yourself > if they are so important to you and your antiquated setup. If you > weren't being such an ass-hat in the way you are DEMANDING support > while insulting the developers and not even so much as filing a > quasi-readable bug report, people might actually be willing to help > you. I tend to bet that most folks on this list wrote you off with > your very first email...and with good reason. Just my $0.02. > > -Michael > > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJki0C6pWcWSc5BE4RAtsuAKCfwbKv2MsKCJdvE8iB2Tx6S5N+IgCcDtjB IVssxEcdLbi2AHenFB3IkbA= =0m4r -END PGP SIGNATURE-
Re: Some Bones to Pick with Tor Admins
On Tue, 10 Feb 2009 mark485ander...@eml.cc wrote: |> no need also to upgrade from 98se, except tor developers are too lazy to |> code properly. You know, Tor is open sourceyou can go fix the damn bugs yourself if they are so important to you and your antiquated setup. If you weren't being such an ass-hat in the way you are DEMANDING support while insulting the developers and not even so much as filing a quasi-readable bug report, people might actually be willing to help you. I tend to bet that most folks on this list wrote you off with your very first email...and with good reason. Just my $0.02. -Michael
Re: Some Bones to Pick with Tor Admins
On Tue, 10 Feb 2009 16:51:42 -0700 mark485ander...@eml.cc wrote: > Maybe not many users because Tor's last two versions are buggy and > don't allow them to use it? Still plenty of 98se users out there and > I have 3 browsers now that can use tor safely. course they will not > work on .33 and .34 because tor developers do not adequately test or > code their program. > This is a simple matter, no great task. Maybe they are just lazy? > Or, perhaps they have lives. I just wanted to point out that you could always get a nice old beige box from someone put a small Linux distro on it and route you 98SE machines through Tor on that box. That way, you keep 98se. you keep Tor. Also, having the Linux box as your proxy would also let you unload both tor and privoxy from you 98se boxen. You could even configure iptables to help ensure there are no data leaks from misbehaving win98se appies. Just a though. Freemor -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Some Bones to Pick with Tor Admins
On Tue, 10 Feb 2009 18:24:27 -0500 Ted Smith wrote: > To be fair, though, 1, 3, and 4 could be configured away in default > FireFox. Updates can be disabled, flash can be removed, files can be > set to "ask", referrals can be disabled, and UA can be modified in > firefox or in Privoxy. > Thanks all, I've configures out all the things mentioned (as Ted suspected), I just didn't want to list them ad-nauseum in my first post. And "no plug-ins" = NO flash, nothing opens without asking. in fact nothing opens everything that might open has been defaulted to saving the files to be viewed later/offline. I just wanted to check that TorButton wasn't doing some work to cover bugs/faults in FF that would not be covered by a totally locked down/stripped down FF with it own profile the gets cleared when the session end. I not on the Tor button page some references to History probing Not sure if this is possible with Javascript turnd off or not I'll need to dig more. Thanks for the Feedback, Freemor -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Some Bones to Pick with Tor Admins
On Tue, 2009-02-10 at 16:51 -0700, mark485ander...@eml.cc wrote: > Maybe not many users because Tor's last two versions are buggy and don't > allow them to use it? Still plenty of 98se users out there and I have 3 > browsers now that can use tor safely. course they will not work on .33 > and .34 because tor developers do not adequately test or code their > program. > This is a simple matter, no great task. Maybe they are just lazy? > Yes, I'm sure they're lazy, because they aren't hopping to to support an OS that went EOL years ago. You haven't even posted what version you're having problems with or tried to get help for those problems, you've just posted to this list saying "Fix TOR(sic)". Here's an idea. Why don't you thank them, very sincerely, for having generously donated their time to give quality software to people like you. Then, if you want their help, MAYBE they'll give it to you. You could also probably pay someone to fix the problem, if it really is a code bug that really only manifests on Windows 98 (of all things). This is a harsh post, but really, you're just going to personal attacks now. You've brought it on yourself. > On Tue, 10 Feb 2009 15:50:27 -0500, "Roger Dingledine" > said: > > On Tue, Feb 10, 2009 at 12:19:38PM -0700, mark485ander...@eml.cc wrote: > > > (please read and comprehend in entirety, thanks) > > > Say, howz about fixing your latest "stable" version of Tor so that it > > > still works on W98se? I get protection faults when executing tor (not > > > within vidalia). > > > > At this point there are very few win98 users of Tor. That plus the fact > > that win98 is known to be obsolete and insecure means we don't pay much > > attention to it. > > > > Like the other esoteric operating systems out there, we don't object to > > staying compatible if it's not too much trouble, but we rely on the > > users to help track down the compatibility problems and work with us to > > fix things again. > > > > I should also note that the ability to stay compatible with win98 is > > fading. I believe Firefox 3 has dropped win98 compatibility. Now that > > Firefox 2 is unsupported, it will soon be the case that you have no safe > > browser to use with Tor. (You need Torbutton 1.2 on Firefox to have any > > chance of safe browsing.) > > > > > The last most recent version returns error messages saying that it is > > > obsolete already??? What's the deal with that? You mean the next most > > > recent version is already > > > obsolete? > > > > You should be on the or-announce list if you're not already. > > http://archives.seul.org/or/announce/ > > > > --Roger > > > -- > > mark485ander...@eml.cc > signature.asc Description: This is a digitally signed message part
Re: Some Bones to Pick with Tor Admins
exactly, no need for tor button. no need also to upgrade from 98se, except tor developers are too lazy to code properly. On Tue, 10 Feb 2009 18:24:27 -0500, "Ted Smith" said: > On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > It absolutely would. Here are some things TorButton defends against that > > wouldn't be covered in your scenario: > > > > 1. Unauthenticated Updates > > 2. CSS Tracking (I think it does anyways) > > 3. Flash and auto-opening of files > > 4. Browser referral and user-agent tracking > > > > Ringo > > > To be fair, though, 1, 3, and 4 could be configured away in default > FireFox. Updates can be disabled, flash can be removed, files can be set > to "ask", referrals can be disabled, and UA can be modified in firefox > or in Privoxy. > > > Freemor wrote: > > > On Tue, 10 Feb 2009 15:50:27 -0500 > > > Roger Dingledine wrote: > > > > > > (You need Torbutton 1.2 on Firefox to > > >> have any chance of safe browsing.) > > >> > > > > > > I know that his is a bit off topic so apologies in advance, > > > By the above are you saying that a FF with 0 plugins, 0 extensions, > > > cookies and javascript disables running under its own profile would > > > still be less safe then a loaded browser with Tor button? If so, could > > > you please point me to documentation of the vulnerabilities that Tor > > > button would cover but the completely feature denuded FF would not. > > > > > > Thanks in advance, > > > Freemor > > > > > -BEGIN PGP SIGNATURE- > > Version: GnuPG v1.4.6 (GNU/Linux) > > > > iD8DBQFJkgr26pWcWSc5BE4RAlYQAJ9TOKq7u9nN9ln3Gg30untzQoTD9QCgrxoA > > Hy4PCsUUxxiakGlOQvXr4rw= > > =Q2h7 > > -END PGP SIGNATURE- -- mark485ander...@eml.cc -- http://www.fastmail.fm - The way an email service should be
Re: Some Bones to Pick with Tor Admins
Maybe not many users because Tor's last two versions are buggy and don't allow them to use it? Still plenty of 98se users out there and I have 3 browsers now that can use tor safely. course they will not work on .33 and .34 because tor developers do not adequately test or code their program. This is a simple matter, no great task. Maybe they are just lazy? On Tue, 10 Feb 2009 15:50:27 -0500, "Roger Dingledine" said: > On Tue, Feb 10, 2009 at 12:19:38PM -0700, mark485ander...@eml.cc wrote: > > (please read and comprehend in entirety, thanks) > > Say, howz about fixing your latest "stable" version of Tor so that it > > still works on W98se? I get protection faults when executing tor (not > > within vidalia). > > At this point there are very few win98 users of Tor. That plus the fact > that win98 is known to be obsolete and insecure means we don't pay much > attention to it. > > Like the other esoteric operating systems out there, we don't object to > staying compatible if it's not too much trouble, but we rely on the > users to help track down the compatibility problems and work with us to > fix things again. > > I should also note that the ability to stay compatible with win98 is > fading. I believe Firefox 3 has dropped win98 compatibility. Now that > Firefox 2 is unsupported, it will soon be the case that you have no safe > browser to use with Tor. (You need Torbutton 1.2 on Firefox to have any > chance of safe browsing.) > > > The last most recent version returns error messages saying that it is > > obsolete already??? What's the deal with that? You mean the next most > > recent version is already > > obsolete? > > You should be on the or-announce list if you're not already. > http://archives.seul.org/or/announce/ > > --Roger > -- mark485ander...@eml.cc -- http://www.fastmail.fm - Same, same, but different...
Re: Some Bones to Pick with Tor Admins
> To be fair, though, 1, 3, and 4 could be configured away in > default FireFox. Updates can be disabled, flash can be removed, > files can be set to "ask", referrals can be disabled, and UA can > be modified in firefox or in Privoxy. Privoxy will not protect ssl connections.
Re: Some Bones to Pick with Tor Admins
On Tue, 2009-02-10 at 18:17 -0500, Ringo Kamens wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > It absolutely would. Here are some things TorButton defends against that > wouldn't be covered in your scenario: > > 1. Unauthenticated Updates > 2. CSS Tracking (I think it does anyways) > 3. Flash and auto-opening of files > 4. Browser referral and user-agent tracking > > Ringo > To be fair, though, 1, 3, and 4 could be configured away in default FireFox. Updates can be disabled, flash can be removed, files can be set to "ask", referrals can be disabled, and UA can be modified in firefox or in Privoxy. > Freemor wrote: > > On Tue, 10 Feb 2009 15:50:27 -0500 > > Roger Dingledine wrote: > > > > (You need Torbutton 1.2 on Firefox to > >> have any chance of safe browsing.) > >> > > > > I know that his is a bit off topic so apologies in advance, > > By the above are you saying that a FF with 0 plugins, 0 extensions, > > cookies and javascript disables running under its own profile would > > still be less safe then a loaded browser with Tor button? If so, could > > you please point me to documentation of the vulnerabilities that Tor > > button would cover but the completely feature denuded FF would not. > > > > Thanks in advance, > > Freemor > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFJkgr26pWcWSc5BE4RAlYQAJ9TOKq7u9nN9ln3Gg30untzQoTD9QCgrxoA > Hy4PCsUUxxiakGlOQvXr4rw= > =Q2h7 > -END PGP SIGNATURE- signature.asc Description: This is a digitally signed message part
Re: Some Bones to Pick with Tor Admins
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It absolutely would. Here are some things TorButton defends against that wouldn't be covered in your scenario: 1. Unauthenticated Updates 2. CSS Tracking (I think it does anyways) 3. Flash and auto-opening of files 4. Browser referral and user-agent tracking Ringo Freemor wrote: > On Tue, 10 Feb 2009 15:50:27 -0500 > Roger Dingledine wrote: > > (You need Torbutton 1.2 on Firefox to >> have any chance of safe browsing.) >> > > I know that his is a bit off topic so apologies in advance, > By the above are you saying that a FF with 0 plugins, 0 extensions, > cookies and javascript disables running under its own profile would > still be less safe then a loaded browser with Tor button? If so, could > you please point me to documentation of the vulnerabilities that Tor > button would cover but the completely feature denuded FF would not. > > Thanks in advance, > Freemor > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJkgr26pWcWSc5BE4RAlYQAJ9TOKq7u9nN9ln3Gg30untzQoTD9QCgrxoA Hy4PCsUUxxiakGlOQvXr4rw= =Q2h7 -END PGP SIGNATURE-
Re: Some Bones to Pick with Tor Admins
On Tue, 2009-02-10 at 19:02 -0400, Freemor wrote: > On Tue, 10 Feb 2009 15:50:27 -0500 > Roger Dingledine wrote: > > (You need Torbutton 1.2 on Firefox to > > have any chance of safe browsing.) > > > > I know that his is a bit off topic so apologies in advance, > By the above are you saying that a FF with 0 plugins, 0 extensions, > cookies and javascript disables running under its own profile would > still be less safe then a loaded browser with Tor button? If so, could > you please point me to documentation of the vulnerabilities that Tor > button would cover but the completely feature denuded FF would not. > > Thanks in advance, > Freemor > Just a guess -- user agents? signature.asc Description: This is a digitally signed message part
Re: Some Bones to Pick with Tor Admins
On Tue, 10 Feb 2009 15:50:27 -0500 Roger Dingledine wrote: (You need Torbutton 1.2 on Firefox to > have any chance of safe browsing.) > I know that his is a bit off topic so apologies in advance, By the above are you saying that a FF with 0 plugins, 0 extensions, cookies and javascript disables running under its own profile would still be less safe then a loaded browser with Tor button? If so, could you please point me to documentation of the vulnerabilities that Tor button would cover but the completely feature denuded FF would not. Thanks in advance, Freemor -- free...@gmail.com free...@yahoo.ca This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ ) signature.asc Description: PGP signature
Re: Some Bones to Pick with Tor Admins
On Tue, Feb 10, 2009 at 12:19:38PM -0700, mark485ander...@eml.cc wrote: > (please read and comprehend in entirety, thanks) > Say, howz about fixing your latest "stable" version of Tor so that it > still works on W98se? I get protection faults when executing tor (not > within vidalia). At this point there are very few win98 users of Tor. That plus the fact that win98 is known to be obsolete and insecure means we don't pay much attention to it. Like the other esoteric operating systems out there, we don't object to staying compatible if it's not too much trouble, but we rely on the users to help track down the compatibility problems and work with us to fix things again. I should also note that the ability to stay compatible with win98 is fading. I believe Firefox 3 has dropped win98 compatibility. Now that Firefox 2 is unsupported, it will soon be the case that you have no safe browser to use with Tor. (You need Torbutton 1.2 on Firefox to have any chance of safe browsing.) > The last most recent version returns error messages saying that it is > obsolete already??? What's the deal with that? You mean the next most > recent version is already > obsolete? You should be on the or-announce list if you're not already. http://archives.seul.org/or/announce/ --Roger
Re: Some Bones to Pick with Tor Admins
Fix TOR. On Tue, 10 Feb 2009 20:30:10 +0100, "Ansgar Wiechers" said: > On 2009-02-10 mark485ander...@eml.cc wrote: > > Say, howz about fixing your latest "stable" version of Tor so that it > > still works on W98se? > [...] > > Thanks, in advance for any helpful replies. :-) > > Upgrade your operating system. The extended support period for Windows > 98 SE expired in July 2006. The operating system will no longer receive > bugfixes, and should thus no longer be connected to public networks. > > Regards > Ansgar Wiechers > -- > "The Mac OS X kernel should never panic because, when it does, it > seriously inconveniences the user." > --http://developer.apple.com/technotes/tn2004/tn2118.html -- mark485ander...@eml.cc -- http://www.fastmail.fm - IMAP accessible web-mail
Re: Some Bones to Pick with Tor Admins
On 2009-02-10 mark485ander...@eml.cc wrote: > Say, howz about fixing your latest "stable" version of Tor so that it > still works on W98se? [...] > Thanks, in advance for any helpful replies. :-) Upgrade your operating system. The extended support period for Windows 98 SE expired in July 2006. The operating system will no longer receive bugfixes, and should thus no longer be connected to public networks. Regards Ansgar Wiechers -- "The Mac OS X kernel should never panic because, when it does, it seriously inconveniences the user." --http://developer.apple.com/technotes/tn2004/tn2118.html