Re: [tor-dev] Request for feedback/victims: cfc-0.0.2
* Yawning Angel schrieb am 2016-03-27 um 08:12 Uhr: >* (QoL) Skip useless landing pages (github.com/twitter.com will be > auto-redirected to the "search" pages). When you're logged into Twitter, https://twitter.com/ shows you your stream of tweets. With the current version, a user can't see its own stream anymore. Can you redirect to the search page only for non-logged-in users? -- Jens Kubieziel http://www.kubieziel.de 21 ist nur die halbe Wahrheit signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Analysis of ASan usage
Hi, FYI: oss-security lately had a posting with the title »Address Sanitizer local root« (http://www.openwall.com/lists/oss-security/2016/02/17/9>) The author showed that building a suid binary with ASan enables local root exploits. He also shows some other problems with this approach. In his posting he mentions the Tor Browser and recommends to not use the word »hardened«, because it is misleading. -- Jens Kubieziel http://www.kubieziel.de Vielleicht verdirbt Geld tatsächlich den Charakter. Auf keinen Fall aber macht ein Mangel an Geld ihn besser. Jonathan Swift signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Status of remaining SVN repositories
Hi, Tor has a SVN with several repositories in it. The ticket #4929 deals with migrating them to git (https://trac.torproject.org/projects/tor/ticket/4929>). I made a table within the ticket to track the current status. Most of the repositories are in git right now. However some remain where I don't know what the current status is. This are: - blossom - bsockets - incognito - libevent-urz - topf - projects (it seems sub repos are in git) - website Should the first five repos also be moved to trac or what do we want to do with them? -- Jens Kubieziel http://www.kubieziel.de Eine schwarze Katze auf dem Weg zum Galgen bringt Unglück. Werner Mitsch signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Regarding involving in tor project
* dp docs schrieb am 2015-01-04 um 09:37 Uhr: > I appreciate your effort but till now I am not able to resolve the issue. I > have tried to join the channel "#tor-dev" even using a web irc too. it's > showing "can not join the channel (+b)." but how i can be banned if i am > joining the channel first time. Sometimes #tor and #tor-dev get spammed by some individual. During these times the channel operator sets some protection or bans special hostnames. If this is the case for you, just wait some time and come back later. Usually those protections are removed after the spammer is gone. As far as I see it both channels have no special flags right now. -- Jens Kubieziel http://www.kubieziel.de Spielen ist Experimentieren mit dem Zufall. Novalis signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Accessing hidden services with TAP or ntor
Hi, we had some discussions during the dev meeting regarding hidden services and why users sometimes report that the access to them fails. The general problem might be that the specific hidden service doesn't exist anymore. However in some cases the HS exists (see http://tor.stackexchange.com/q/1442/88> as an example). So one theory was that the transistion from TAP to ntor might cause problems. I tried to test it and found no evidence so far. What did I do? I checked out the current Tor source from git and the tor-0.2.3.25 tagged version. I built both versions and gave them a minimal torrc (SocksPort, Log, DataDir, ControlPort). After the Tor process built a circuit I used a random page from the hidden wiki and tried to access it. If it failed, I tried either the HS from TorProject or DDG. If it succeeded, I built a new circuit and tried another HS. During the first tests I used the hotel network, which was kind of flaky. With a more stable connection I tested nearly 20 hidden services and found no difference in the behaviour of both Tor versions. Both failed on one random HS and opened all other reasonably fast. While this is no final proof it is good evidence that there is no connection between failing hidden services and TAP/ntor. So maybe we need another theory to test. ;) -- Jens Kubieziel http://www.kubieziel.de I just found out that the brain is like a computer. If that's true, then there really aren't any stupid people. Just people running Windows. signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Proposal 203: Avoiding censorship by impersonating an HTTPS server
* Nick Mathewson schrieb am 2012-06-26 um 00:23 Uhr: > Side note: What to put on the webserver? > >To credibly pretend not to be ourselves, we must pretend to be >something else in particular -- and something not easily identifiable >or inherently worthless. We should not, for example, have all Some ideas: - some random content with a CC license We could have a list or something of CC-licensed content. The webserver mirrors either the whole site or some subsites. I'm thinking of some Wikipedia sites or books from Project Gutenberg. - country related content We could check the users IP address and try to geolocate it. Based on that country information the webserver could deliver some local content. But where should we get country-specific content. - 451 If someone is in trolling mood, he just can deliver a 451 error. ;) - Login page/random fresh installation We could also present some page which looks like a valid login page or a fresh installation (Apache, Mediawiki or something other popular). Another similar idea is it to deliver some error page, like a blank page with a MySQL-, PHP-, Tomcat or any other error message. -- Jens Kubieziel http://www.kubieziel.de Die größten Menschen sind jene, die anderen Hoffnung geben können. Jean Jaurès signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev