Re: [tor-talk] Hardened Tor Browser for Windows

[Tamara West]

Why does everyone keep doing this? Stop thinking about computing only from
your perspective. It doesn't matter the reason why. People will want, will
need a Windows version of Tor. That's why the client already exists. I am
simply asking about getting the best version available to the public. Have
the choice available for any informed user. It is not possible to install
software in many environments (The Tor executable on Windows just extracts
so please don't try to argue this point) so installing VirtualBox or using
a LiveCD(DVD) or any of those other options are not available to everyone.
Sometimes it is really not about "I do not know" or "I am not comfortable
with Linux".

On Mon, Oct 17, 2016 at 8:08 PM, Tamara West 
wrote:

> Excuse my ignorance but what exactly must happen for us to get a 64-bit
> hardened Tor Browser for Windows? Not everyone in the world is running
> Linux and not everyone can run Linux at work. I've been wondering about
> this for awhile. Any info would be appreciated. TIA.
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hardened Tor Browser for Windows

[Mirimir]

On 10/17/2016 08:19 PM, I wrote:
>> From: miri...@riseup.net
> 
>> Maybe he did. Cite?
> 
> Did you just invent webcitation?

No, just curious.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hardened Tor Browser for Windows

[I]

> From: miri...@riseup.net

> Maybe he did. Cite?

Did you just invent webcitation?


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hardened Tor Browser for Windows

[George]

On 10/17/16 21:18, Mirimir wrote:
> On 10/17/2016 06:50 PM, I wrote:
>>
>>>
>>> Running Tor on Windows makes little sense, 
>>
>> Didn't Roger ask for more operating system diversity and mention Windows?
> 
> Maybe he did. Cite?
> 
> But nevertheless, in my opinion, Windows is too snoopy.
> 

The operating system diversity argument is most often focused on the
issue of relays and the overwhelming Linux monoculture there.

And while I don't touch Windows with any frequency and am not a fan of
so much of the Microsoft approach, I think the notion (not from the
original poster) that Windows users aren't relevant to a healthy Tor
ecosystem is dangerous.

The reality of anonymity is that quantity and accessibility, not just
diversity, are vital. And since the fact is that most desktop users
(discounting smart phones) are Windows users, I hardly think we can
build a large, dispersed universe of anonymity-seeking users with the
Linux desktop as the central vehicle. And Microsoft and its allies
aren't necessarily the most immediate and conscious adversaries to all
users.

Ordinary users who don't use Linux (or other perceived "acceptable" OSs)
are a vital component in the Tor network IMHO. Sure, open source is
vital, but reality is much uglier.

And let's be honest, a good portion of Linux desktop users are running
Ubuntu, which had its own "call back to the mothership" issues
(https://fixubuntu.com, eg).

In terms of workplace hardware, there are plenty of places where outside
devices are not welcomed.. although your smart phone is most likely a
workable alternative.


-- 



5F77 765E 40D6 5340 A0F5 3401 4997 FF11 A86F 44E2



signature.asc
Description: OpenPGP digital signature
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hardened Tor Browser for Windows

[Mirimir]

On 10/17/2016 06:50 PM, I wrote:
> 
>>
>> Running Tor on Windows makes little sense, 
> 
> Didn't Roger ask for more operating system diversity and mention Windows?

Maybe he did. Cite?

But nevertheless, in my opinion, Windows is too snoopy.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hardened Tor Browser for Windows

[I]

> 
> Running Tor on Windows makes little sense, 

Didn't Roger ask for more operating system diversity and mention Windows?



-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hardened Tor Browser for Windows

[Mirimir]

On 10/17/2016 06:08 PM, Tamara West wrote:
> Excuse my ignorance but what exactly must happen for us to get a 64-bit
> hardened Tor Browser for Windows? Not everyone in the world is running
> Linux and not everyone can run Linux at work. I've been wondering about
> this for awhile. Any info would be appreciated. TIA.

Running Tor on Windows makes little sense, given how much activity gets
logged, and how much gets reported to Microsoft. If you must use
Windows, at least use VirtualBox and run Whonix. While there's no real
isolation from the host OS, it's better than nothing. Anyone can run
Linux at work, on their own hardware. And running Tor on employer-owned
hardware, without permission, may well get one fired.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Hardened Tor Browser for Windows

[Tamara West]

Excuse my ignorance but what exactly must happen for us to get a 64-bit
hardened Tor Browser for Windows? Not everyone in the world is running
Linux and not everyone can run Linux at work. I've been wondering about
this for awhile. Any info would be appreciated. TIA.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Tor 0.2.9.4-alpha is released

[Nick Mathewson]

Hi, all!  There is a new alpha release of the Tor source code, with
fixes for a security bug. You should probably upgrade as packages
become available.

(If you are about to reply saying "please take me off this list",
instead please follow these instructions:
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
.  You will have to enter the actual email address you used to subscribe.)

You can download the source from the usual place on the website.
Packages should be up within a few days.

If you maintain an older version of Tor, you can find backported
patches for this fix at
https://trac.torproject.org/projects/tor/ticket/20384 .

(There is also a concurrent release of Tor 0.2.8.9; for stable
releases, see tor-announce@ or the blog.




Changes in version 0.2.9.4-alpha - 2016-10-17
  Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
  that would allow a remote attacker to crash a Tor client, hidden
  service, relay, or authority. All Tor users should upgrade to this
  version, or to 0.2.8.9. Patches will be released for older versions
  of Tor.

  Tor 0.2.9.4-alpha also adds numerous small features and fix-ups to
  previous versions of Tor, including the implementation of a feature to
  future- proof the Tor ecosystem against protocol changes, some bug
  fixes necessary for Tor Browser to use unix domain sockets correctly,
  and several portability improvements. We anticipate that this will be
  the last alpha in the Tor 0.2.9 series, and that the next release will
  be a release candidate.

  o Major features (security fixes):
- Prevent a class of security bugs caused by treating the contents
  of a buffer chunk as if they were a NUL-terminated string. At
  least one such bug seems to be present in all currently used
  versions of Tor, and would allow an attacker to remotely crash
  most Tor instances, especially those compiled with extra compiler
  hardening. With this defense in place, such bugs can't crash Tor,
  though we should still fix them as they occur. Closes ticket
  20384 (TROVE-2016-10-001).

  o Major features (subprotocol versions):
- Tor directory authorities now vote on a set of recommended
  subprotocol versions, and on a set of required subprotocol
  versions. Clients and relays that lack support for a _required_
  subprotocol version will not start; those that lack support for a
  _recommended_ subprotocol version will warn the user to upgrade.
  Closes ticket 19958; implements part of proposal 264.
- Tor now uses "subprotocol versions" to indicate compatibility.
  Previously, versions of Tor looked at the declared Tor version of
  a relay to tell whether they could use a given feature. Now, they
  should be able to rely on its declared subprotocol versions. This
  change allows compatible implementations of the Tor protocol(s) to
  exist without pretending to be 100% bug-compatible with particular
  releases of Tor itself. Closes ticket 19958; implements part of
  proposal 264.

  o Minor feature (fallback directories):
- Remove broken fallbacks from the hard-coded fallback directory
  list. Closes ticket 20190; patch by teor.

  o Minor features (client, directory):
- Since authorities now omit all routers that lack the Running and
  Valid flags, we assume that any relay listed in the consensus must
  have those flags. Closes ticket 20001; implements part of
  proposal 272.

  o Minor features (compilation, portability):
- Compile correctly on MacOS 10.12 (aka "Sierra"). Closes
  ticket 20241.

  o Minor features (development tools, etags):
- Teach the "make tags" Makefile target how to correctly find
  "MOCK_IMPL" function definitions. Patch from nherring; closes
  ticket 16869.

  o Minor features (geoip):
- Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
  Country database.

  o Minor features (unix domain sockets):
- When configuring a unix domain socket for a SocksPort,
  ControlPort, or Hidden service, you can now wrap the address in
  quotes, using C-style escapes inside the quotes. This allows unix
  domain socket paths to contain spaces.

  o Minor features (virtual addresses):
- Increase the maximum number of bits for the IPv6 virtual network
  prefix from 16 to 104. In this way, the condition for address
  allocation is less restrictive. Closes ticket 20151; feature
  on 0.2.4.7-alpha.

  o Minor bugfixes (address discovery):
- Stop reordering IP addresses returned by the OS. This makes it
  more likely that Tor will guess the same relay IP address every
  time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027.
  Reported by René Mayrhofer, patch by "cypherpunks".

  o Minor bugfixes (client, unix domain sockets):
- Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as
  the client address is 

Re: [tor-talk] ExcludeExitNodes doesn't take effect at all.

[Hongyi Zhao]

2016-10-17 20:23 GMT+08:00 Geoff Down :
>
>
> On Mon, Oct 17, 2016, at 02:49 AM, Hongyi Zhao wrote:
>> The command for obtaining the ExcludeExitNodes list is as follows:
>>
>> $ curl -s https://collector.torproject.org/recent/exit-lists/ | grep
>> -E -m1 'href=\"[0-9-]+\"' | tr '"' '\n' | grep -E '^[0-9-]+' | xargs
>> -r -I{} curl -s https://collector.torproject.org/recent/exit-lists/{}
>> | grep -Po '(\d+\.){3}\d+' | paste -sd,
>>
> It looks like you are extracting the IP addresses. It should be the
> fingerprints.

But, from the in-place manual page of tor, I can find the following description:

-
|   ExcludeExitNodes node,node,...
|   A list of identity fingerprints, country codes, and address
|   patterns of nodes to never use when picking an exit node---that is,
|   a node that delivers traffic for you outside the Tor network. Note
|   that any node listed in ExcludeNodes is automatically considered to
|   be part of this list too. See the ExcludeNodes option for more
|   information on how to specify nodes. See also the caveats on the
|   "ExitNodes" option below.
---

As you can see, all of the fingerprints, country codes, and address
patterns can be acceptable for using as ExcludeExitNodes.  Why you say
that: "It should be the fingerprints."?

As a result, I still cann't figure out what's the reason for my
original issue posted in this thread.

Regards

> GD
>
> --
> http://www.fastmail.com - Access all of your messages and folders
>   wherever you are
>



-- 
Hongyi Zhao 
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] ExcludeExitNodes doesn't take effect at all.

[Geoff Down]

On Mon, Oct 17, 2016, at 02:49 AM, Hongyi Zhao wrote:
> The command for obtaining the ExcludeExitNodes list is as follows:
> 
> $ curl -s https://collector.torproject.org/recent/exit-lists/ | grep
> -E -m1 'href=\"[0-9-]+\"' | tr '"' '\n' | grep -E '^[0-9-]+' | xargs
> -r -I{} curl -s https://collector.torproject.org/recent/exit-lists/{}
> | grep -Po '(\d+\.){3}\d+' | paste -sd,
> 
It looks like you are extracting the IP addresses. It should be the
fingerprints.
GD

-- 
http://www.fastmail.com - Access all of your messages and folders
  wherever you are

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] assign_to_cpuworker failed. Ignoring

[Udo van den Heuvel]

Hello,

I found my tor node consuming more CPU than normal since Oct 16
22:13:57.000 (CEST). Also the message form the subject line is logged
very often.
Memory consumption was higher too.
Restarting tor fixes the memory consumption as well as the logging issue
but the CPU load remains higher than usual.
What is happening?


Kind regards,
Udo
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk