Re: [tor-talk] Tor no longer works with win2K ??
Jacob Appelbaum wrote: On 11/10/2011 02:39 AM, Anon Mus wrote: I got a message to upgrade my Tor version.. Nov 10 10:20:45.953 [Warning] Please upgrade! This version of Tor (0.2.1.30) is obsolete, according to the directory authorities. Recommended versions are: 0.2.1.31,0.2.2.34,0.2.3.6-alpha,0.2.3.7-alpha But (as before) the latest versions of the expert install do not work. Here's the stable.. Nov 10 10:17:10.093 [Notice] Tor v0.2.2.34 (git-c4eae752f0d157ce). This is experimental software. Do not rely on it for strong anonymity. (Running on Windows 2000 Service Pack 4 [workstation]) Just as a general warning, I suspect the Random Number Generator on Windows 2000 is not so great. I would seriously consider installing a recent Operating system or booting a tails live CD. All the best, Jacob As I understand it the random number generator in win2k is the same as the one in WinNT, Win2003, WinXP and Windows Vista. http://www.theregister.co.uk/2007/11/13/windows_random_number_gen_flawed/ http://www.computerworld.com/s/article/9048438/Microsoft_confirms_that_XP_contains_random_number_generator_bug http://www.segobit.com/rng.htm Does this mean support for these Windows OSes is also to be withdrawn? Perhaps you can ensure a full explanation is placed a warning on the Torproject web site otherwise lots of users will be using Windows operating systems which are vulnerable. I would have thought a responsible Tor project leadership would have seen to this already! But not a word, WHY? Obviously my questions are still NOT being answered, I QUOTE, Nov 10 10:17:10.093 [Error] Error from libevent: event.c:1413: Assertion base failed in event_base_get_method So this is still a problem, the libvent event failure c:1413. So is Tor supporting win2k still or not and is there a fix or work around to this problem? Can I get a reply from someone on the tor dev team about this ERROR and whether Win2k is being supported now or not? I re-iterate, can I get a reply from someone on the tor dev team about this ERROR and whether Win2k is being supported now or not? Why no replies to genuine and relevant questions? The silence makes the Tor dev team appear to have something to hide. Jo ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor no longer works with win2K ??
I'll pretend you didn't insult me and the rest of the Tor dev team, and try and get your question answered. I've snipped the useless allegations. On Nov 12, 2011, at 12:52 PM, Anon Mus wrote: Jacob Appelbaum wrote: On 11/10/2011 02:39 AM, Anon Mus wrote: I got a message to upgrade my Tor version.. Nov 10 10:20:45.953 [Warning] Please upgrade! This version of Tor (0.2.1.30) is obsolete, according to the directory authorities. Recommended versions are: 0.2.1.31,0.2.2.34,0.2.3.6-alpha,0.2.3.7-alpha But (as before) the latest versions of the expert install do not work. Here's the stable.. Nov 10 10:17:10.093 [Notice] Tor v0.2.2.34 (git-c4eae752f0d157ce). This is experimental software. Do not rely on it for strong anonymity. (Running on Windows 2000 Service Pack 4 [workstation]) Just as a general warning, I suspect the Random Number Generator on Windows 2000 is not so great. I would seriously consider installing a recent Operating system or booting a tails live CD. All the best, Jacob As I understand it the random number generator in win2k is the same as the one in WinNT, Win2003, WinXP and Windows Vista. http://www.theregister.co.uk/2007/11/13/windows_random_number_gen_flawed/ http://www.computerworld.com/s/article/9048438/Microsoft_confirms_that_XP_contains_random_number_generator_bug http://www.segobit.com/rng.htm Does this mean support for these Windows OSes is also to be withdrawn? Nobody said anything about withdrawing support because of this. Note that Jake spoke of suspicion. Recommending against the use of Operating Systems that have reached their end of life and no longer have security support is also just common sense, and it isn't surprising that WinNT or WinXP pre-SP have extremely bad security problems. Does this really surprise you at all? By just reading the articles you linked to above, you will see that MS claims the attack is fixed in the most recent version of Windows XP. You don't provide any kind of evidence that it is still a problem on those systems. Perhaps you can ensure a full explanation is placed a warning on the Torproject web site otherwise lots of users will be using Windows operating systems which are vulnerable. It's not entirely clear what the implications are, from what I understand. Obviously my questions are still NOT being answered, I QUOTE, Maybe that is because you demand a fully qualified answer within six hours, while you fail to provide a good bug report? Typically, bugs get reported to https://bugs.torproject.org, where the developers actually expect them. I re-iterate, can I get a reply from someone on the tor dev team about this ERROR and whether Win2k is being supported now or not? Here's the reply from someone on the tor dev team: Exciting! It seems you've found a bug on Windows 2000 systems, we should totally debug that and see if we can get it fixed! Unfortunately, we don't have a windows 2000 system around to debug this ourselves, and this is the only report we've gotten about trouble so far. Please try and provide more input about your system, the other software that you run, and if you have any experience debugging software so we may help you get this issue resolved. If we have to conclude that the expert Bundle doesn't work on Windows 2000 anymore for whatever reason, I'm afraid we'll have to drop support for it unless someone else steps in to provide the necessary fixes. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor no longer works with win2K ??
On Sat, Nov 12, 2011 at 8:47 AM, Sebastian Hahn m...@sebastianhahn.net wrote: I'll pretend you didn't insult me and the rest of the Tor dev team, and try and get your question answered. I've snipped the useless allegations. On Nov 12, 2011, at 12:52 PM, Anon Mus wrote: Jacob Appelbaum wrote: On 11/10/2011 02:39 AM, Anon Mus wrote: I got a message to upgrade my Tor version.. Nov 10 10:20:45.953 [Warning] Please upgrade! This version of Tor (0.2.1.30) is obsolete, according to the directory authorities. Recommended versions are: 0.2.1.31,0.2.2.34,0.2.3.6-alpha,0.2.3.7-alpha But (as before) the latest versions of the expert install do not work. Here's the stable.. Nov 10 10:17:10.093 [Notice] Tor v0.2.2.34 (git-c4eae752f0d157ce). This is experimental software. Do not rely on it for strong anonymity. (Running on Windows 2000 Service Pack 4 [workstation]) Just as a general warning, I suspect the Random Number Generator on Windows 2000 is not so great. I would seriously consider installing a recent Operating system or booting a tails live CD. All the best, Jacob As I understand it the random number generator in win2k is the same as the one in WinNT, Win2003, WinXP and Windows Vista. http://www.theregister.co.uk/2007/11/13/windows_random_number_gen_flawed/ http://www.computerworld.com/s/article/9048438/Microsoft_confirms_that_XP_contains_random_number_generator_bug http://www.segobit.com/rng.htm Does this mean support for these Windows OSes is also to be withdrawn? Nobody said anything about withdrawing support because of this. Note that Jake spoke of suspicion. Recommending against the use of Operating Systems that have reached their end of life and no longer have security support is also just common sense, and it isn't surprising that WinNT or WinXP pre-SP have extremely bad security problems. Does this really surprise you at all? By just reading the articles you linked to above, you will see that MS claims the attack is fixed in the most recent version of Windows XP. You don't provide any kind of evidence that it is still a problem on those systems. Perhaps you can ensure a full explanation is placed a warning on the Torproject web site otherwise lots of users will be using Windows operating systems which are vulnerable. It's not entirely clear what the implications are, from what I understand. Obviously my questions are still NOT being answered, I QUOTE, Maybe that is because you demand a fully qualified answer within six hours, while you fail to provide a good bug report? Typically, bugs get reported to https://bugs.torproject.org, where the developers actually expect them. I re-iterate, can I get a reply from someone on the tor dev team about this ERROR and whether Win2k is being supported now or not? Here's the reply from someone on the tor dev team: Exciting! It seems you've found a bug on Windows 2000 systems, we should totally debug that and see if we can get it fixed! Unfortunately, we don't have a windows 2000 system around to debug this ourselves, and this is the only report we've gotten about trouble so far. Please try and provide more input about your system, the other software that you run, and if you have any experience debugging software so we may help you get this issue resolved. If we have to conclude that the expert Bundle doesn't work on Windows 2000 anymore for whatever reason, I'm afraid we'll have to drop support for it unless someone else steps in to provide the necessary fixes. Just for general info. I had been using Win 2000 for a bridge server. When I went to update with the Videlia package, It would not execute telling me that something to the effect it wasn't being updated because of out of date and only the Expert package would work ( or something like that, it has been several week now ). I installed the Expert package and it was was working fine for bridge usage. However I did get rid of W2K and went to another Win OS. For me, it was still working approx 6 weeks ago on W2K. Jon So I tried to see ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] You are using Tor, but your browser profile differs from the recommended, `Tor Browser Bundle` default profile.
On 11.11.2011 20:08, Georg Koppen wrote: Very thanks for those information. But what about signature? What means that parameter and how does it computes? If you hover over the link, e.g. in the rating column you see how it is composed: headers you sent AND the order of them are collected and hashed. BTW: I just downloaded the latest Linux bundle I could find and the test values seem quite fine (the Cache field should not be red but that is an issue we still need to fix). The Torbrowser signature should be aadd98ca8e50a5e29de9fe4b819197d1. I have another. An it is same for all TBB starting on my physic machine and in virtual machine. And for Russian-languaged version of TBB your test tell that it is wrong (and advice your value), for en-US-languaged verion your test tell that it is good, but recommend your value. How can I improve that value? Maybe your test works with the latest version of TBB, 2.2.34-2? When I posted my message, it wasn't be released yet. As I suppose it is a hash of some data which browser send to server, and it must be the same on each TBB in the World, am I right? Yes, it should. In the American version of the TBB it the same as in Russian but your test indicate that in Russian version is wrong and that in in American version is rights. I am not sure what you mean but in the header signature are not all headers included you send just the amount that is needed to distinguish different browsers. Thus, you can have the same header signature but still do not send the same headers. Georg The TBB provides in some national languaged versions: https://www.torproject.org/projects/torbrowser.html.en Whether each of them send the same headers? As we see above, we have a problem at least with a charset. But in en-Us version charsets send OK, but I have the same signature with Rus version. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] You are using Tor, but your browser profile differs from the recommended, `Tor Browser Bundle` default profile.
On 12.11.2011 16:54, James Brown wrote: On 11.11.2011 20:08, Georg Koppen wrote: Very thanks for those information. But what about signature? What means that parameter and how does it computes? If you hover over the link, e.g. in the rating column you see how it is composed: headers you sent AND the order of them are collected and hashed. BTW: I just downloaded the latest Linux bundle I could find and the test values seem quite fine (the Cache field should not be red but that is an issue we still need to fix). The Torbrowser signature should be aadd98ca8e50a5e29de9fe4b819197d1. I have another. An it is same for all TBB starting on my physic machine and in virtual machine. And for Russian-languaged version of TBB your test tell that it is wrong (and advice your value), for en-US-languaged verion your test tell that it is good, but recommend your value. How can I improve that value? Maybe your test works with the latest version of TBB, 2.2.34-2? When I posted my message, it wasn't be released yet. I have the same value (not indicated by you but my own) on the latest version, too. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor no longer works with win2K ??
On 12/11/11 11:52, Anon Mus wrote: Why no replies to genuine and relevant questions? The silence makes the Tor dev team appear to have something to hide. Do you go round making accusations against everybody who gives you something for free? If this was my project I'd be telling you where to shove your genuine and relevant questions round about now. It's generally understood in the free software world that if you want support for an obsolete system from over a decade ago then you have to be patient, polite and prepared to put in significant effort yourself. Nobody's going to keep an old, unsupported system up and running, at personal expense, just to appease a person who is rude to them. Julian -- 3072D/D2DE707D Julian Yon (2011 General Use) pgp.2...@jry.me signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor in Mexico
Hi, I came across this news: Gangsters killed and beheaded an Internet blogger Wednesday in Nuevo Laredo, the fourth slaying in the city involving people associated with social media sites since early September. .. The victim, identified on social networking sites only by his nickname - Rascatripas or Belly Scratcher - reportedly helped moderate a site called En Vivo that posted news of shootouts and other activities of the Zetas, the narcotics and extortion gang that all but controls the city. More info here: http://www.chron.com/news/houston-texas/article/Blogger-murdered-and-beheaded-in-Nuevo-Laredo-2260814.php The site mentioned (http://www.nuevolaredoenvivo.es.tl/) is promoting Tor use. It seems the victim used Tor, but the gangsters were able to identify and kill him anyway... Regards, M. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor no longer works with win2K ??
On 11/12/2011 01:11 PM, Julian Yon wrote: Nobody's going to keep an old, unsupported system up and running, at personal expense, just to appease a person who is rude to them. It's also a bad idea from a security perspective. You could easily be doing them more harm than good. Win2k had a long and useful life, but it has been laid to rest by its creator. If it feels stable and well understood today, it is because the world has decided to no longer research and report its bugs. It's old and busted. Don't run it, even from behind a firewall. It is not secure. - Marsh ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in Mexico
On Saturday, November 12, 2011 8:30 PM, Matej Kovacic matej.kova...@owca.info wrote: Gangsters killed and beheaded an Internet blogger Wednesday in Nuevo Laredo, the fourth slaying in the city involving people associated with social media sites since early September. .. The victim, identified on social networking sites only by his nickname - Rascatripas or Belly Scratcher - reportedly helped moderate a site called En Vivo that posted news of shootouts and other activities of the Zetas, the narcotics and extortion gang that all but controls the city. Possibly not. The man they killed might actually have no relation to the note they left on him. http://boingboing.net/2011/11/10/report-no-proof-man-kille.html http://boingboing.net/2011/11/10/nuevo-laredo-online-news-murd.html The site mentioned (http://www.nuevolaredoenvivo.es.tl/) is promoting Tor use. It seems the victim used Tor, but the gangsters were able to identify and kill him anyway... If you're a ruthless ex-military organized crime outfit that has decided to wage a war of intimidation on the populace, you don't need to let silly things like evidence or the truth stop you from killing random people to leave corpses with notes on them around town. To be on the safe side, someone who speaks Spanish should create a fake email account and make sure these people know about Tor Bridges. If the Zetas are as reckless as they seem, it might not be too long before any Tor user who directly accesses the Tor network from the area is in danger, regardless of what they use Tor for. https://www.torproject.org/docs/bridges But of course, the Zetas could also just continue killing complete randoms, too... Certainly requires less effort on their end. P.S. It continues to sadden and amaze me that the moral crusade against drugs can be allowed to claim so much life before people admit to themselves it is a fake war not worth fighting. As has been demonstrated time and time again, artificial supply reduction just creates violence, corruption, and even terrorism. How many times do we humans have to learn this fact? How many of ourselves must we sacrifice on the alter of Moral Temperance? If there is a god, it is certainly no more amused by the activity of either side than by sun sacrifices or witch burnings.. -- http://www.fastmail.fm - Faster than the air-speed velocity of an unladen european swallow ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] You are using Tor, but your browser profile differs from the recommended, `Tor Browser Bundle` default profile.
I have another. An it is same for all TBB starting on my physic machine and in virtual machine. And for Russian-languaged version of TBB your test tell that it is wrong (and advice your value), for en-US-languaged verion your test tell that it is good, but recommend your value. How can I improve that value? I am actually not sure if there is something to improve at the moment at all. That would imply that there is an official HTTP header normalization for the TBB. But that is not the case. What we did was taking the en-TBB and its values as reference values as we thought that this bundle would be our best bet for the largest TBB user group. That might be a wrong assumption, though. Georg -- eMail: g.kop...@jondos.de PGP/GPG: 0xD936B338 Jabber: gr...@jabber.org OTR-Abdruck: 35446001 20BCBE89 29A239E8 EA937FE2 7241A520 JonDos GmbH Firmensitz: Bruderwöhrdstraße 15b, 93055 Regensburg Registergericht: Amtsgericht Regensburg, HRB 10532 Umsatzsteuer-Identifikationsnummer: DE814839010 Geschäftsführer: Rolf Wendolsky, Thomas Dumler signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in Mexico
From: Mondior Folimun mfoli...@elitemail.org On Saturday, November 12, 2011 8:30 PM, Matej Kovacic matej.kova...@owca.info wrote: Gangsters killed and beheaded an Internet blogger Wednesday in Nuevo Laredo, the fourth slaying in the city involving people associated with social media sites since early September. .. The victim, identified on social networking sites only by his nickname - Rascatripas or Belly Scratcher - reportedly helped moderate a site called En Vivo that posted news of shootouts and other activities of the Zetas, the narcotics and extortion gang that all but controls the city. Possibly not. The man they killed might actually have no relation to the note they left on him. http://boingboing.net/2011/11/10/report-no-proof-man-kille.html http://boingboing.net/2011/11/10/nuevo-laredo-online-news-murd.html The site mentioned (http://www.nuevolaredoenvivo.es.tl/) is promoting Tor use. It seems the victim used Tor, but the gangsters were able to identify and kill him anyway... If you're a ruthless ex-military organized crime outfit that has decided to wage a war of intimidation on the populace, you don't need to let silly things like evidence or the truth stop you from killing random people to leave corpses with notes on them around town. To be on the safe side, someone who speaks Spanish should create a fake email account and make sure these people know about Tor Bridges. If the Zetas are as reckless as they seem, it might not be too long before any Tor user who directly accesses the Tor network from the area is in danger, regardless of what they use Tor for. https://www.torproject.org/docs/bridges But of course, the Zetas could also just continue killing complete randoms, too... Certainly requires less effort on their end. P.S. It continues to sadden and amaze me that the moral crusade against drugs can be allowed to claim so much life before people admit to themselves it is a fake war not worth fighting. As has been demonstrated time and time again, artificial supply reduction just creates violence, corruption, and even terrorism. How many times do we humans have to learn this fact? How many of ourselves must we sacrifice on the alter of Moral Temperance? If there is a god, it is certainly no more amused by the activity of either side than by sun sacrifices or witch burnings.. Absolutely with billions of of taxpayer money wasted. and add... http://www.theregister.co.uk/2011/11/07/anonymous_opcartel/ On-again-off-again plans by the Anonymous collective to publish details of the infamous Zetas drug cartel and their associates were finally cancelled over the weekend, following the supposed release of a kidnapped member of the hacktivist collective. -- Dave Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk http://www.pctipp.ch/downloads/dl/35905.asp ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
When one makes changes in Vidalia settings, is it necessary to restart Tor/Vidalia and or the browser? Is that normally how those changes occur, with a restart? And if a restart is necessary, then doesn't that increase the risk to one's anonymity? I use Tor (Browser Bundle/Windows) at internet cafes. It is technically illegal to use a proxy here, so is there a way to open it and make these changes off line, so that I don't have to risk my an-0-nym-ah-tea anyone? Thanks - Original Message - From: Robert Ransom Sent: 11/09/11 09:54 PM To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] New Browser Bundle On 2011-11-09, Andrew Lewman and...@torproject.org wrote: On Tuesday, November 08, 2011 08:56:47 Christian Siefkes wrote: Does that work? As I understand it, clicking the Use a new identity button in Vidalia tells Tor to build new circuits for subsequent connections, but it doesn't seem to affect Aurora -- all the cookies that have assembled since the start of the session are still there. (At least on Linux, using the current version.) Or is there a different 'new identity' feature I missed? There is a 'new identity' button in vidalia which does both clear caches and such in aurora and send new identity command to tor. No. The ‘New Identity’ command in Torbutton's popup menu clears state in the browser; Vidalia's ‘New Identity’ command does not. Robert Ransom ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk