Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-28 Thread Erinn Clark
* arshad  [2010:03:28 11:58 +0530]: 
> On Sat, 2010-03-27 at 12:00 -0400, Faraaz Damji wrote:
> > If that matches, make sure your version of tar is un-gzipping before
> > un-tarring (try 'tar -xzvf FILE.tar.gz', or 'gzip -dc FILE.tar.gz | tar -xv')
> > 
> thanks it extracted.
> but when i click on the executable script nothing is happening. even
> setting permission to 777 doesn't make any difference.
> any idea?

Thanks for pointing this out. Clicking on it seems to work on some
distributions and not others, but ideally it will work on all systems.
I've given myself a feature request bug (#1332) and will fix this in a
future version.




Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-28 Thread Erinn Clark
* Brendan Compton  [2010:03:28 21:43 -0500]: 
> Just wanted to point out that maybe the Tor volunteer page should be updated
> to reflect the fact that this is a 'completed' project.  It's still listed
> as a good coding project for Google's 2010 Summer of Code.  Maybe at the
> very least change it to "working beta has been released" so that any
> applicants considering it know what they'd be getting into.

I've updated this in svn as well to reflect the current status. I will
note here, as well, that if anyone wants to help do security auditing I
am all ears. I am specifically interested in finding traces left behind
on Linux systems and though I have done some preliminary auditing and
not been able to find much, I'm sure there are plenty of people out
there who can help. So if you're reading this now, please contact me. :)
 
> Thanks for the Linux Browser Bundle goodness.

No problem. Please let me know if you encounter any problems.
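
One way to start the kind of audit requested above, as an added example that is not from the original message or from the Tor Project: snapshot every regular file under the directories of interest before and after a session, then list what appeared or changed outside the bundle directory. The function names and the directories passed in are assumptions; the check sees only files that still exist afterwards, not swap, deleted data or access times.

```shell
#!/bin/sh
# Added example (not Tor Project code). Function names are hypothetical.
# Keep the snapshot files outside the directories being scanned.

# snapshot DIR... : one "crc size path" line per regular file, sorted.
snapshot() {
    find "$@" -xdev -type f -exec cksum {} + 2>/dev/null | LC_ALL=C sort
}

# traces BEFORE AFTER BUNDLE_DIR : print "new PATH" or "changed PATH" for
# every file whose checksum line differs in AFTER and that is not under
# BUNDLE_DIR (writes inside the bundle's own directory are expected).
traces() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^[0-9]* [0-9]* //' | LC_ALL=C sort -u |
    BEFORE="$1" BUNDLE="${3%/}/" awk '
        BEGIN {
            # Remember every path that already existed in the first snapshot.
            while ((getline l < ENVIRON["BEFORE"]) > 0) {
                sub(/^[0-9]+ [0-9]+ /, "", l); seen[l] = 1
            }
        }
        index($0, ENVIRON["BUNDLE"]) == 1 { next }
        { print (($0 in seen) ? "changed " : "new ") $0 }'
}

# Typical use (paths are placeholders):
#   snapshot "$HOME" /tmp > /mnt/audit/before.txt
#   ...start the bundle, browse, quit...
#   snapshot "$HOME" /tmp > /mnt/audit/after.txt
#   traces /mnt/audit/before.txt /mnt/audit/after.txt /path/to/bundle
```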




Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-28 Thread Erinn Clark
* Jim  [2010:03:28 02:54 -0600]: 
> The fingerprints for your signing keys seem to be missing from
> the "verifying signatures" page:
> 
> https://www.torproject.org/verifying-signatures

Thanks for mentioning this. I've updated this in svn and it will go out
in the next website push. 





Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-28 Thread Brendan Compton
On Fri, Mar 26, 2010 at 11:33 PM, Erinn Clark  wrote:

> https://blog.torproject.org/blog/tor-browser-bundle-gnulinux
>
> Tor Browser Bundle for GNU/Linux is now available for x86 and x86_64
> architectures in 12 languages.
>
>
>
Just wanted to point out that maybe the Tor volunteer page should be updated
to reflect the fact that this is a 'completed' project.  It's still listed
as a good coding project for Google's 2010 Summer of Code.  Maybe at the
very least change it to "working beta has been released" so that any
applicants considering it know what they'd be getting into.

Thanks for the Linux Browser Bundle goodness.

Brendan


Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-28 Thread Jim



Erinn Clark wrote:
> https://blog.torproject.org/blog/tor-browser-bundle-gnulinux
>
> Tor Browser Bundle for GNU/Linux is now available for x86 and x86_64
> architectures in 12 languages.
>
> The Tor Browser Bundle lets you use Tor without needing to install any
> software. It can run off a USB flash drive, comes with a pre-configured web
> browser and is self-contained.
>
> You can download it from the Tor Browser page which also has instructions about
> how to extract and use it. http://www.torproject.org/torbrowser/


Hi,

Thanks for doing this.

The fingerprints for your signing keys seem to be missing from the
"verifying signatures" page:


https://www.torproject.org/verifying-signatures

Also, on a minor housekeeping note, the link for "how to verify package 
signatures" on http://www.torproject.org/torbrowser/ points to an old 
page with a message that the page has moved.


Thanks again,

Jim
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/


Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-28 Thread arshad
On Sun, 2010-03-28 at 02:51 -0400, Ringo wrote:
> 
> Try running it from the terminal, do you get any errors?
> 
> Ringo
> 
> arshad wrote:
> > On Sat, 2010-03-27 at 12:00 -0400, Faraaz Damji wrote:
> >> If that matches, make sure your version of tar is un-gzipping before
> >> un-tarring (try 'tar -xzvf FILE.tar.gz', or 'gzip -dc FILE.tar.gz | tar -xv')
> >>
> > thanks it extracted.
> > but when i click on the executable script nothing is happening. even
> > setting permission to 777 doesn't make any difference.
> > any idea?
> > 
> > thank you very much.
> > 
> > 

thanks,
its now working, i was running another instance of tor already
(installed version).
:)



Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread Ringo

Try running it from the terminal, do you get any errors?

Ringo

arshad wrote:
> On Sat, 2010-03-27 at 12:00 -0400, Faraaz Damji wrote:
>> If that matches, make sure your version of tar is un-gzipping before
>> un-tarring (try 'tar -xzvf FILE.tar.gz', or 'gzip -dc FILE.tar.gz | tar -xv')
>>
> thanks it extracted.
> but when i click on the executable script nothing is happening. even
> setting permission to 777 doesn't make any difference.
> any idea?
> 
> thank you very much.
> 
> 


Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread arshad
On Sat, 2010-03-27 at 12:00 -0400, Faraaz Damji wrote:
> If that matches, make sure your version of tar is un-gzipping before
> un-tarring (try 'tar -xzvf FILE.tar.gz', or 'gzip -dc FILE.tar.gz | tar -xv')
> 
thanks it extracted.
but when i click on the executable script nothing is happening. even
setting permission to 777 doesn't make any difference.
any idea?

thank you very much.



Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread Edward Langenback

Mike Perry wrote:
> Thus spake Erinn Clark (er...@torproject.org):
> 
>> Tor Browser Bundle for GNU/Linux is now available for x86 and x86_64
>> architectures in 12 languages.
>>
>> The bundle comes with the following software:
>>
>> * NoScript 1.9.9.57
>> * BetterPrivacy 1.4.7
> 
> I want to point out that this is the first bundle we are shipping with
> NoScript and BetterPrivacy. We've decided to attempt this as a trial
> in Linux TBB for a few reasons. After the remote font exploit of

Any idea when this will be released for Windows?


-- 
The best way to get past my spam filter is to sign or encrypt
your email to me.
My PGP KeyId: 0x84D46604
http://blogdoofus.com
http://tinfoilchef.com
http://www.domaincarryout.com
Un-official Freenet 0.5 alternative download
http://peculiarplace.com/freenet/
Mixminion Message Sender, Windows GUI Frontend for Mixminion
http://peculiarplace.com/mixminion-message-sender/


Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread andrew
On Sat, Mar 27, 2010 at 12:00:47PM -0400, lis...@frazzydee.ca wrote 0.8K bytes 
in 28 lines about:
> Check the md5 signatures of your files against the .sig file.

The sig files are gpg signatures, not md5 hashes.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject


Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread Mike Perry
Thus spake coderman (coder...@gmail.com):

> On Sat, Mar 27, 2010 at 3:44 AM, Mike Perry  wrote:
> > ... we've come to the conclusion that we need to do a bit more to
> > protect our users against Firefox...
> >
> > In addition, we've decided to try to deploy a list of popular sites
> > that have insecure https functionality that can be secured by
> > NoScript...
> 
> certlock add-on would be useful too... even better if seeded with
> perspectives like validated cert details for the popular targets, like
> those you listed above.

Yeah, this will make a fine addition to the beta TBB builds once it is
released. We will need help seeding it and the NoScript list most
likely.
 
Also, for those of you who want to try the NoScript config without
downloading the whole bundle, you can import it here:
https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/noscriptconfig.json

Note that a couple bugs have been fixed for config importing in the noscript 
devel versions. You may want to consider using those too:
http://noscript.net/getit#devel


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs




Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread coderman
On Sat, Mar 27, 2010 at 3:44 AM, Mike Perry  wrote:
> ... we've come to the conclusion that we need to do a bit more to
> protect our users against Firefox...
>
> In addition, we've decided to try to deploy a list of popular sites
> that have insecure https functionality that can be secured by
> NoScript...

certlock add-on would be useful too... even better if seeded with
perspectives like validated cert details for the popular targets, like
those you listed above.


Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread Faraaz Damji

On 10-03-27 11:26 AM, arshad wrote:
> On Fri, 2010-03-26 at 21:33 -0700, Erinn Clark wrote:
>> http://www.torproject.org/torbrowser/
>
> i downloaded both
>
> English (en-US): i386 (sig) | x86_64 (sig)
>
> and i get this error when extracting:
> tar: This does not look like a tar archive
> tar: Skipping to next header
> tar: Error exit delayed from previous errors
>
> downloaded sizes: 21.4, 21.6 respectively (in mb)


Works for me.

Check the md5 signatures of your files against the .sig file.

If that matches, make sure your version of tar is un-gzipping before 
un-tarring (try 'tar -xzvf FILE.gz', or 'gzip -dc FILE.gz | tar -xv')


-Faraaz



Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread Faraaz Damji

On 10-03-27 11:26 AM, arshad wrote:
> On Fri, 2010-03-26 at 21:33 -0700, Erinn Clark wrote:
>> http://www.torproject.org/torbrowser/
>
> i downloaded both
>
> English (en-US): i386 (sig) | x86_64 (sig)
>
> and i get this error when extracting:
> tar: This does not look like a tar archive
> tar: Skipping to next header
> tar: Error exit delayed from previous errors
>
> downloaded sizes: 21.4, 21.6 respectively (in mb)


Works for me.

Check the md5 signatures of your files against the .sig file.

If that matches, make sure your version of tar is un-gzipping before
un-tarring (try 'tar -xzvf FILE.tar.gz', or 'gzip -dc FILE.tar.gz | tar -xv')


-Faraaz
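
An added example, not part of the original thread and not Tor Project code: a pre-extraction check for the two points raised in this thread, the tar error on a downloaded bundle and the reply elsewhere in the thread that the .sig files are gpg signatures rather than md5 hashes. The function names are hypothetical, and the byte tests only classify the files; authenticity still rests on `gpg --verify` with a key whose fingerprint has been checked.

```shell
#!/bin/sh
# Added example (not Tor Project code): classify a download and its .sig
# before extracting. Function names are hypothetical; file names are the caller's.

# archive_kind FILE -> tar.gz | gzip-corrupt | gzip-not-tar | tar | html | unknown
archive_kind() {
    magic=$(od -An -tx1 -N 2 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$magic" = "1f8b" ]; then
        # gzip -t reads the whole stream, so a truncated download fails here.
        gzip -t "$1" 2>/dev/null || { echo gzip-corrupt; return 0; }
        inner=$(gzip -dc "$1" 2>/dev/null | od -An -c -j 257 -N 5 2>/dev/null | tr -d ' \n')
        if [ "$inner" = "ustar" ]; then echo tar.gz; else echo gzip-not-tar; fi
    elif [ "$(od -An -c -j 257 -N 5 "$1" 2>/dev/null | tr -d ' \n')" = "ustar" ]; then
        echo tar      # not gzip-compressed, so 'tar -xzvf' would fail on it
    elif LC_ALL=C grep -Eqi '<(html|!doctype)' "$1" 2>/dev/null; then
        echo html     # an error or redirect page saved under the archive's name
    else
        echo unknown
    fi
}

# sig_kind FILE -> pgp-armored | pgp-binary | md5-hex | unknown
sig_kind() {
    first=$(od -An -tx1 -N 1 "$1" 2>/dev/null | tr -d ' \n')
    if LC_ALL=C grep -q -e '^-----BEGIN PGP SIGNATURE-----' "$1" 2>/dev/null; then
        echo pgp-armored
    elif [ "$first" = 88 ] || [ "$first" = 89 ] || [ "$first" = 8a ] || [ "$first" = c2 ]; then
        echo pgp-binary   # OpenPGP packet header byte for tag 2 (signature)
    elif LC_ALL=C grep -Eq '^[0-9a-fA-F]{32}([[:space:]]|$)' "$1" 2>/dev/null; then
        echo md5-hex      # a digest only detects corruption; it proves no origin
    else
        echo unknown
    fi
}

# precheck ARCHIVE SIG: succeed only if ARCHIVE is an intact .tar.gz and SIG is
# an OpenPGP signature, and print the command that does the real verification.
precheck() {
    a=$(archive_kind "$1"); s=$(sig_kind "$2")
    echo "archive: $a; signature file: $s"
    case "$a:$s" in
        tar.gz:pgp-*) echo "next: gpg --verify '$2' '$1'" ;;
        *) return 1 ;;
    esac
}
```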



Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread arshad
On Fri, 2010-03-26 at 21:33 -0700, Erinn Clark wrote:
> http://www.torproject.org/torbrowser/

i downloaded both

English (en-US): i386 (sig) | x86_64 (sig)

and i get this error when extracting:
tar: This does not look like a tar archive
tar: Skipping to next header
tar: Error exit delayed from previous errors

downloaded sizes: 21.4, 21.6 respectively (in mb)








Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-27 Thread Mike Perry
Thus spake Erinn Clark (er...@torproject.org):

> Tor Browser Bundle for GNU/Linux is now available for x86 and x86_64
> architectures in 12 languages.
> 
> The bundle comes with the following software:
> 
> * NoScript 1.9.9.57
> * BetterPrivacy 1.4.7

I want to point out that this is the first bundle we are shipping with
NoScript and BetterPrivacy. We've decided to attempt this as a trial
in Linux TBB for a few reasons. After the remote font exploit of
Firefox 3.6 and the apparent ~2 month delay between exploit code and
fix, we've come to the conclusion that we need to do a bit more to
protect our users against Firefox 0day being held by the underground
and aboveground exploit markets. See:

http://hackademix.net/2010/03/24/why-noscript-blocks-web-fonts/
http://hackademix.net/2010/03/22/firefox-36s-0-day-and-you/
https://bugs.torproject.org/flyspray/index.php?do=details&id=1328

We also want to provide at least some way for people to view YouTube
videos and other flash content without completely sacrificing their
privacy and anonymity while viewing all websites. Our plan is to make
it so that people who insist on viewing flash content can simply
uncheck "Disable plugins for Tor usage", and only be at risk when they
actually decide to load a plugin (possibly GnashPlayer) by clicking on
its NoScript Placeholder. Basically, we would like to replace this
long FAQ entry with a much simpler one that still has an appropriate
warning: https://www.torproject.org/torbutton/faq.html.en#noflash

In addition, we've decided to try to deploy a list of popular sites
that have insecure https functionality that can be secured by
NoScript. Right now, we are attempting to secure *twitter.com
*facebook.com blog.torproject.org www.torproject.org docs.google.com
addons.mozilla.org www.stumbleupon.com. We are open to any suggestions
for additions to this list, and what we might do about any problems
that arise.

The Noscript config shipped with the bundle has the following
additional general properties:
  
1. It disables the redirect to noscript.net on updates.
2. It simplifies the context menu down to just enable/disable javascript.
3. It sets Javascript to be enabled by default.
4. It replaces most common media types and plugins with placeholders.

We're open to any suggestions or comments about this approach. I am
also discussing usability issues with Giorgio to try to help make
NoScript a bit easier to use in general.

> This is a beta version, so please test it and file bugs!
> https://bugs.torproject.org/

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

