[tor-dev] Collecting data to demonstrate TCP ISN-based port knocking
Hi all,

some of you might remember a project called Knock, which implements a variant of port-knocking in the Linux kernel that can be used to check the authenticity of arbitrary TCP connections and can even do integrity checking of the TCP payload by using a pre-shared key. Knock started as a student project which was presented during the Tor developer meeting at Technische Universität München last July. This was also where Jake added his two cents to help the project to move on.

We still hope that Knock will be eventually useful for Tor (think: bridges), but could use your help to collect data to help convince the Linux people to adopt the latest patch.

As Knock uses two fields in the TCP header in order to hide information and we explicitly want to be compatible with machines sitting in typical home networks, we need to make sure that this information doesn't get corrupted by the majority of NAT boxes out there. We thus created a program which tests if Knock would work in your environment. It would be great if some of you were able to execute the program on your machines in order to help us to get an estimation of if Knock one day could be used on a large scale.

You can find sources, binaries and a more elaborate description here:
https://gnunet.org/knock_nat_tester

Technical details about Knock and a (somewhat outdated) research paper as well as kernel patches are provided here:
https://gnunet.org/knock

Best,
Julian Christian

___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
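What the compatibility test described in the message above has to establish, shown as an added example (not code from the Knock project or its NAT tester): compare the TCP header of a SYN as sent with the same SYN as the receiver saw it, and report which fields a box on the path rewrote. The sample segments, ports and checksum values are constructed, and only the sequence number (the ISN named in the subject line) is treated here as carrying hidden data.

```python
import struct

FIELDS = ("src_port", "dst_port", "seq", "ack", "off_flags",
          "window", "checksum", "urg_ptr")
# Fields an ordinary NAT rewrites by design; a change there is harmless.
NAT_EXPECTED = {"src_port", "checksum"}

def parse_tcp_header(segment: bytes) -> dict:
    """Parse the fixed 20-byte TCP header plus raw option bytes."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    hdr = dict(zip(FIELDS, struct.unpack("!HHIIHHHH", segment[:20])))
    off_flags = hdr.pop("off_flags")
    data_offset = (off_flags >> 12) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    hdr["flags"] = off_flags & 0x01FF
    hdr["options"] = segment[20:data_offset]
    return hdr

def unexpected_changes(sent: bytes, received: bytes) -> list:
    """Fields that differ end to end, ignoring what NAT must rewrite."""
    a, b = parse_tcp_header(sent), parse_tcp_header(received)
    return sorted(k for k in a if a[k] != b[k] and k not in NAT_EXPECTED)

def isn_survived(sent: bytes, received: bytes) -> bool:
    """True if the initial sequence number arrived unmodified."""
    return "seq" not in unexpected_changes(sent, received)

def build_syn(src_port, dst_port, seq, checksum, options=b""):
    """Build a constructed SYN header (checksum is a placeholder value)."""
    offset_words = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                       (offset_words << 12) | 0x002, 65535,
                       checksum, 0) + options

MSS = b"\x02\x04\x05\xb4"                    # MSS option, value 1460
# Constructed samples: the SYN as sent, as seen behind a port-rewriting
# NAT, and as seen behind a box that also rewrites sequence numbers.
SENT = build_syn(40000, 443, 0xDEADBEEF, 0x1111, MSS)
VIA_PLAIN_NAT = build_syn(61002, 443, 0xDEADBEEF, 0x2222, MSS)
VIA_SEQ_REWRITE = build_syn(61002, 443, 0x0BADF00D, 0x3333, MSS)

if __name__ == "__main__":
    for name, seen in (("plain NAT", VIA_PLAIN_NAT),
                       ("seq rewrite", VIA_SEQ_REWRITE)):
        print(name, unexpected_changes(SENT, seen), isn_survived(SENT, seen))
```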
[tor-dev] Code review request for bug #9701
Hello list,

If anybody's feeling particularly friendly, then it would be nice of you to do the favour of reviewing the proposed solution to bug #9701:
https://trac.torproject.org/projects/tor/ticket/9701

It relates to clipboard turds of the Tor Browser in violation of the premise of disk avoidance by design. The code in question is attached to the bug report.

Georg (GK) has signalled interest, in case you want to coordinate.

Thanks in advance!

Cheers,
Michael
Re: [tor-dev] Code review request for bug #9701
On 5/15/2014 9:38 AM, mich...@schloh.com wrote:
> Hello list,
>
> If anybody's feeling particularly friendly, then it would be nice of you to do the favour of reviewing the proposed solution to bug #9701:
> https://trac.torproject.org/projects/tor/ticket/9701
>
> It relates to clipboard turds of the Tor Browser in violation of the premise of disk avoidance by design. The code in question is attached to the bug report.
>
> Georg (GK) has signalled interest, in case you want to coordinate.
>
> Thanks in advance!
>
> Cheers,
> Michael

Hi Michael,

I'm new to the tor-dev mailing list so I don't know what the proper protocol is for this type of response. I have a couple of concerns about this proposed change.

1. Some versions of the SunOS--maybe Solaris too, I'm not sure--had a provision where you could copy text without any explicit clipboard action. You could just select the text and middle click in the destination. Will this change break that behavior or are these systems still supported?

2. My second concern is a style issue. If I read msvb-9701.diff correctly, you propose to just comment out the offending code with a preprocessor directive. I, along with others who are more knowledgeable, think that this process is bad form. It tends to leave the source code cluttered with a great deal of non-functioning code. While it is worthwhile to preserve the history, that is what source code control systems are for.

Regards
Ken Keys
Re: [tor-dev] Code review request for bug #9701
Hello Ken,

On Thurs., May 15, 2014, Ken Keys wrote:
> On 5/15/2014 9:38 AM, mich...@schloh.com wrote:
>> If anybody's feeling particularly friendly, then it would be nice of you to do the favour of reviewing the proposed solution to bug #9701:
>> https://trac.torproject.org/projects/tor/ticket/9701
>>
>> It relates to clipboard turds of the Tor Browser in violation of the premise of disk avoidance by design. The code in question is attached to the bug report.
>
> 1. Some versions of the SunOS--maybe Solaris too, I'm not sure--had a provision where you could copy text without any explicit clipboard action. You could just select the text and middle click in the destination. Will this change break that behavior or are these systems still supported?

I couldn't find any official requirements doc stating that all POSIX or certain versions of certain POSIX/LINUX distros are supported. Regardless of this, I think the highlight and middle click thing is an X11 feature.

Good idea to bring this up, but since my Linux tests included mouse as well as middle click action this probably extends to SunOS and other POSIX OSs using X11. Is that your gut feeling too? You think we need more testing using real (VM) SunOS and other platforms?

> 2. My second concern is a style issue. If I read msvb-9701.diff correctly, you propose to just comment out the offending code with a preprocessor directive. I, along with others who are more knowledgeable, think that this process is bad form. It tends to leave the source code cluttered with a great deal of non-functioning code. While it is worthwhile to preserve the history, that is what source code control systems are for.

This is a good idea, and I'll use your good advice. Thanks a lot.

Regards,
Michael
Re: [tor-dev] Code review request for bug #9701
On 5/15/2014 2:10 PM, mich...@schloh.com wrote:
> Hello Ken,
>
> On Thurs., May 15, 2014, Ken Keys wrote:
>> On 5/15/2014 9:38 AM, mich...@schloh.com wrote:
>>> If anybody's feeling particularly friendly, then it would be nice of you to do the favour of reviewing the proposed solution to bug #9701:
>>> https://trac.torproject.org/projects/tor/ticket/9701
>>>
>>> It relates to clipboard turds of the Tor Browser in violation of the premise of disk avoidance by design. The code in question is attached to the bug report.
>>
>> 1. Some versions of the SunOS--maybe Solaris too, I'm not sure--had a provision where you could copy text without any explicit clipboard action. You could just select the text and middle click in the destination. Will this change break that behavior or are these systems still supported?
>
> I couldn't find any official requirements doc stating that all POSIX or certain versions of certain POSIX/LINUX distros are supported. Regardless of this, I think the highlight and middle click thing is an X11 feature.
>
> Good idea to bring this up, but since my Linux tests included mouse as well as middle click action this probably extends to SunOS and other POSIX OSs using X11. Is that your gut feeling too? You think we need more testing using real (VM) SunOS and other platforms?

I had presumed that the feature was implemented by the window manager rather than the underlying X11 system. I have never seen it in a Mosaic (DEC, HP) based system but that doesn't mean they wouldn't support the feature with the correct settings in various resource files. I'm pretty ignorant about the various Linux distros. I need to get my Linux box up and running again.

I don't think it would be necessary to test on the actual OS as long as the feature can be exercised on the test rig. If the feature is not covered by a test case it wouldn't help to run it on the actual OS.
Re: [tor-dev] Code review request for bug #9701
Hello Ken,

On Thurs., May 15, 2014, Ken Keys wrote:
> On 5/15/2014 2:10 PM, mich...@schloh.com wrote:
>> On Thurs., May 15, 2014, Ken Keys wrote:
>>> On 5/15/2014 9:38 AM, mich...@schloh.com wrote:
>>>> If anybody's feeling particularly friendly, then it would be nice of you to do the favour of reviewing the proposed solution to bug #9701:
>>>> https://trac.torproject.org/projects/tor/ticket/9701
>>>>
>>>> It relates to clipboard turds of the Tor Browser in violation of the premise of disk avoidance by design. The code in question is attached to the bug report.
>>>
>>> 1. Some versions of the SunOS--maybe Solaris too, I'm not sure--had a provision where you could copy text without any explicit clipboard action. You could just select the text and middle click in the destination. Will this change break that behavior or are these systems still supported?
>>
>> I couldn't find any official requirements doc stating that all POSIX or certain versions of certain POSIX/LINUX distros are supported. Regardless of this, I think the highlight and middle click thing is an X11 feature.
>>
>> Good idea to bring this up, but since my Linux tests included mouse as well as middle click action this probably extends to SunOS and other POSIX OSs using X11. Is that your gut feeling too? You think we need more testing using real (VM) SunOS and other platforms?
>
> I had presumed that the feature was implemented by the window manager rather than the underlying X11 system.

Hmm, that could be (although didn't CDE have middle pasting as well?) The problem is that tests combining the set of (Gnome|Enlightenment|KDE|CDE|Unity|Xfe|LXDE|?) with (Distro|32/64Arch|Version) is prohibitive.

That's why I was trying to make the change as surgical as possible. The proposed solution changes nothing for selections 1Mo and reverts to pre-file cache logic (year 1999) for selections 1Mo.

> I need to get my Linux box up and running again. I don't think it would be necessary to test on the actual OS as long as the feature can be exercised on the test rig. If the feature is not covered by a test case it wouldn't help to run it on the actual OS.

I don't know of a test rig that middle clicks, but I'm kind of new here. So you don't think it would help to do one or two tests on a less popular or exotic platform with a non Gnome/KDE/Unity? The problem with Solaris is that all the releases in the last 5 years have used Gnome.

Regards,
Michael