Re: [tor-talk] Tor bridges over ICMP or DNS

2017-09-07 Thread Andreas Krey
On Thu, 07 Sep 2017 21:47:24 +, Ben Tasker wrote:
...
> > Same. Basically, you just need any bridge and a means to tunnel ssh,
> > and then you can 'ssh -L port:bridgeip:bridgeport', and configure
> > tor to use the bridge at localhost:port. This will work as long
> > as not too many people do it.
> >
> 
> In principle, yes. In practice, not so much. SSH to and from China can be
> an absolute pain even for low traffic levels (like, for example, a standard
> SSH session).

There is no plain ssh session on the net here - it is encapsulated in
DNS or ICMP, and supposedly the tunneling does its own flow control
(as in (self-plug) https://github.com/apk/udpmob).

> Sometimes it might be deliberate interference, but most of
> the time it's a case of combining the headaches of TCP-over-TCP

There is no TCP-over-TCP here, not even TCP. (And no VPN.) The
connection to the bridge is port-forwarded in an SSH session
which in turn is tunneled via UDP/DNS/ICMP.

> Things like sshuttle (https://github.com/apenwarr/sshuttle)

The readme fails to say what it actually does. :-)

- Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds 
Date: Fri, 22 Jan 2010 07:29:21 -0800
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Is there any societal use in Bitcoin?

2017-09-07 Thread Scott MacLeod
Carlo,

Thanks ... let's see how bitcoin in combination with the blockchain ledger
for health care and possible resource distribution develops ... and
potentially country by country, nation state by nation state, language by
language and legal system by legal system ...

Scott


On Thu, Sep 7, 2017 at 2:43 AM, carlo von lynX wrote:

> On Tue, Sep 05, 2017 at 08:50:20AM +0200, Jon Tullett wrote:
> > > This is still an alpha release
> > > * Exchange implements the full Taler protocol, but does not integrate
> > >   with traditional banking systems
> > > * No integration with "real" banks, so only toy currencies are
> > >   available for now.
> > > * Documentation, testing, error handling and performance still need to
> > >   be improved.
> >
> > That has NOPE NOPE NOPE written all over it for me, I'm afraid. I'm
>
> When Linus first published his new kernel prototype, that too had
> NOPE NOPE NOPE written all over it for you?
>
> > sure it's very clever, but until one of the release notes says "You
> > can now safely transfer funds from one bank to another", I'll stick
> > with established options (which include BTC, just not for spot forex
> > xfers).
>
> Of course taler as a taxable micropayment system only works if
> it actually has any currency attached to it. The point is to
> make it clear that the option exists and we merely need to
> convince some banks and politicians to offer a societally
> reasonable alternative to BTC by adopting this. You are
> speaking as if these were unsurmountable hurdles and
> politicians weren't human beings.  :)
>
> On Tue, Sep 05, 2017 at 09:23:19AM -0700, Scott MacLeod wrote:
> > World University and School (which is like Wikipedia in 295 languages with
> > CC MIT OCW in 7 languages and CC Yale OYC) is taking an all ~200 countries'
> > official languages' approach to developing blockchain / bitcoin ... but
>
> Sounds like something so big it's unbelievable I never heard of it...
>
> > planning too for health care data, for example, in the blockchain -
> > http://scott-macleod.blogspot.com/2017/08/sustainability-universal-basic-income.html
>
> Did you read my post and its doubts on the feasibility of non-statal UBI?
>
>   "And an universal basic income emphasizing the >universal< of 7.5
> billion people - coding and database-wise - and building on the block chain
> ledger / bit coin, with artificial intelligence and machine learning and
> machine translation, is an amazing coding, information technology, and
> helping opportunity (and hopefully all ~200 nation states will provide the
> financial resources for the UBI for all 7.5 billion people) ... (emerging
> from their tax IDs or social security number equivalents in each of all
> ~200-250 nation states, and possibly from people's drivers' licenses, and
> also connected with their smart phones ... and, conceivably, eventually
> even as part of their bodyminds with a chip or similar ... )."
>
> This all doesn't sound exactly reassuring, but regarding the key
> phrase "and hopefully all ~200 nation states will provide the
> financial resources for the UBI" ...
>
> 1. why on Earth would they do so if UBI is still heavily disputed
> 2. why on Earth would they want to use a flaky anarchist currency
>    if they can simply do a bank transfer or use any other type of
>    efficient and scalable digital payment to each of their citizens?
> 3. when and where will you discuss that being able to finance a
>    UBI actually implies dramatic changes to the taxation system
>    and the economy of each of the ~200 nation states?
>
> So, given that (1) and (3) are the actually difficult challenges
> in this scenario, focusing on (2) as if it were a solution to the
> other two appears quite... out of touch with realism.
>
> Since you published your tor-talk post on your website, will you
> also publish a link to the criticism that led you to write your
> post and continue the discourse on your website by including these
> new paragraphs of mine?
>
> By the way, I have written several positive posts on the feasibility
> of CUBI (cumulative unconditional basic income) on my.pages.de - but
> they have nothing to do with blockchains since the State is
> fundamental for making it work, therefore there is no gain in using
> anti-statal distribution methods: you're not shaking off the
> dependency on a functional governmental apparatus anyway.
>
> But let us not end up in a UBI discussion which is highly OT for
> tor-talk, and stick firmly on the question whether there are
> ethical use cases of bitcoin which legitimize it threatening the
> future of Tor and other civil rights networks, unjustly framed
> as "darknets". So far I don't see any reason why Tor should
> defend Bitcoin and risk collapsing politically under its weight.
> Tor should be a civil rights network, not a criminality network.
>
>
> --
>   E-mail is public! Talk to me in private using encryption:
>  http://loupsycedyglgamf.onion/LynX/
>   

[tor-talk] Help us build Tails 3.2~alpha1 build reproducibly

2017-09-07 Thread anonym
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Tails and Tor contributors,
dear Reproducible Builds community,

We have sent out a first call [1] for testing to build Tails 3.1 reproducibly
and we have received some build reports. Thank you very much for your help! We
have since then tried to fix most of the identified issues [2] in Tails
3.2~alpha1, and thus we'd kindly like to ask you to try to build the new ISO
image again, or even for the first time. Please don't hesitate to contact us
if you get stuck at some point in the process, for example by connecting to our
chatroom [3]! You can also send us email to tails-dev at boum.org (public) or
tails at boum.org (private).

Note that Tails 3.2~alpha1 is *not* recommended for real usage, since it has
not gone through *any* QA. Please use Tails 3.1 instead until Tails 3.2 is
released!

# How?

For your convenience all instructions needed to attempt to reproduce
Tails 3.2~alpha1 are included hereafter. However all commands are
adapted for Debian Stretch (and Buster/Sid), so your results may vary if
you run another Linux distribution. Our full build instructions [4]
might help if you are having problems.

## Setup the build environment

Building Tails requires the KVM virtual machine hypervisor to be
available, a minimum of 1 GiB of free RAM and a maximum of 20 GB of
free storage.

### Install dependencies

    sudo apt-get install \
        git \
        rake \
        libvirt-daemon-system \
        dnsmasq-base \
        ebtables \
        qemu-system-x86 \
        qemu-utils \
        vagrant \
        vagrant-libvirt \
        vmdebootstrap && \
    sudo systemctl restart libvirtd

### If building as a non-root user

(Skip this section if you intend to build Tails as the root user!)

Make sure that the user that is supposed to initiate the build is part
of the relevant groups:

    for group in kvm libvirt libvirt-qemu; do sudo adduser $user $group; done

Then run `newgrp` (or just reboot) to apply the new group memberships
to the session.

## Build Tails 3.2~alpha1

    git clone https://git-tails.immerda.ch/tails
    cd tails
    git checkout 3.2~alpha1
    git submodule update --init
    rake build

# Send us feedback!

No matter how your build attempt turned out we are interested in you
sending us feedback. For that we'll first need some information of the
system you used -- please run these commands in the exact same
terminal session that you ran `rake build` in (e.g. run them right
after `rake build`)!

    sudo apt install apt-show-versions || :
    (
      for f in /etc/issue /proc/cpuinfo
      do
        echo "--- File: ${f} ---"
        cat "${f}"
        echo
      done
      for c in free locale env 'uname -a' '/usr/sbin/libvirtd --version' \
        'qemu-system-x86_64 --version' 'vagrant --version'
      do
        echo "--- Command: ${c} ---"
        eval "${c}"
        echo
      done
      if which apt-show-versions >/dev/null
      then
        echo '--- APT package versions ---'
        apt-show-versions qemu:amd64 linux-image-amd64:amd64 vagrant \
          libvirt0:amd64
      fi
    ) | bzip2 > system-info.txt.bz2

Please have a look at the generated file with

    bzless system-info.txt.bz2

to make sure it doesn't contain any sensitive information you do not
want to leak in case you send this file to us or make it public!

Next, please follow the instructions below that match your situation!

## If the build failed.

Please open a ticket on our bug tracker [5] with "Category" set to
"Build system" and `system-info.txt.bz2` attached (note that this makes
this file public).

## If the build succeeded ...

Please compute the SHA-512 checksum of the resulting ISO image:

    sha512sum tails-amd64-3.2~alpha1.iso

and compare it to:


    1c928336264fc44821562f2fffbda4da97dcdc38072fce58f55b749fde04ac60055273cfc021b6c57120c5d276980859ffa3a5b0bd0f9c98851f34b682a09b02  tails-amd64-3.2~alpha1.iso

Bonus points if you verify the signed (with: [8]) message containing
the checksum below (note that manually inserted line-wraps are marked
with "`\`"). If you run Tails, the verification is very easy! :) [9]

- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

$ sha512sum tails-amd64-3.2~alpha1.iso
1c928336264fc44821562f2fffbda4da97dcdc38072fce58f55b749f \
de04ac60055273cfc021b6c57120c5d276980859ffa3a5b0bd0f9c98 \
851f34b682a09b02  tails-amd64-3.2~alpha1.iso

- -BEGIN PGP SIGNATURE-
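
The checksum comparison from the announcement above, including undoing the `\` line-wraps, as an added shell example that is not part of the original message or of the Tails project's tooling. The function names and the throwaway file used in `selftest` are constructed for illustration; checking the OpenPGP signature on the message is a separate step that this script does not perform.

```shell
#!/bin/sh
# Added example, not from the Tails announcement. Function names are
# hypothetical; sha512sum, awk, cut and mktemp are assumed to be installed.

# unwrap_checksums FILE
# Joins lines that end in a "\" wrap marker and prints every resulting
# "<128 hex digits>  <name>" entry, lower-cased. Other lines are ignored.
unwrap_checksums() {
    awk '
        { sub(/^[ \t]+/, "") }
        /\\[ \t]*$/ { sub(/[ \t]*\\[ \t]*$/, ""); buf = buf $0; next }
        {
            $0 = buf $0; buf = ""
            if (NF == 2 && length($1) == 128 && $1 ~ /^[0-9a-fA-F]+$/)
                print tolower($1) "  " $2
        }
    ' "$1"
}

# expected_sum FILE NAME
# Prints the hash listed for NAME; fails unless NAME is listed exactly once.
expected_sum() {
    unwrap_checksums "$1" | awk -v name="$2" '
        $2 == name { n++; sum = $1 }
        END { if (n == 1) print sum; else exit 1 }'
}

# verify_image IMAGE FILE
# Returns 0 on match, 1 on mismatch, 2 if the image or its entry is missing.
verify_image() {
    [ -r "$1" ] || return 2
    want=$(expected_sum "$2" "$(basename "$1")") || return 2
    have=$(sha512sum "$1" | awk '{ print tolower($1) }')
    [ "$want" = "$have" ]
}

# Constructed sample: a throwaway file stands in for the ISO, and its checksum
# is wrapped like the one in the announcement (56 + 56 + 16 hex digits).
selftest() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample image\n' > "$dir/sample.iso"
    sum=$(sha512sum "$dir/sample.iso" | awk '{ print $1 }')
    {
        printf '$ sha512sum sample.iso\n'
        printf '%s \\\n' "$(printf %s "$sum" | cut -c1-56)"
        printf '%s \\\n' "$(printf %s "$sum" | cut -c57-112)"
        printf '%s  sample.iso\n' "$(printf %s "$sum" | cut -c113-128)"
    } > "$dir/message.txt"
    ok=0;  verify_image "$dir/sample.iso" "$dir/message.txt" || ok=$?
    printf 'tampered\n' >> "$dir/sample.iso"
    bad=0; verify_image "$dir/sample.iso" "$dir/message.txt" || bad=$?
    rm -rf "$dir"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}

# Real use: verify_image tails-amd64-3.2~alpha1.iso message.txt
selftest && echo "selftest passed"
```
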


Re: [tor-talk] Tor bridges over ICMP or DNS

2017-09-07 Thread Ben Tasker
On Thu, Sep 7, 2017 at 7:48 PM, Andreas Krey wrote:

> On Thu, 07 Sep 2017 13:32:35 +, Roman Mamedov wrote:
> > Hello,
> >
> > Has anyone considered making a Tor bridge protocol with ICMP as
> transport?
>
> Probably.
>
> > Or tunneling over DNS?
>
> Same. Basically, you just need any bridge and a means to tunnel ssh,
> and then you can 'ssh -L port:bridgeip:bridgeport', and configure
> tor to use the bridge at localhost:port. This will work as long
> as not too many people do it.
>

In principle, yes. In practice, not so much. SSH to and from China can be
an absolute pain even for low traffic levels (like, for example, a standard
SSH session). Sometimes it might be deliberate interference, but most of
the time it's a case of combining the headaches of TCP-over-TCP with a
massively busy (and underpowered for the traffic) system like the GFW.

Things like sshuttle (https://github.com/apenwarr/sshuttle) help a bit (as
it addresses the TCP-over-TCP limitations) but it's still pretty bad
transiting the GFW (I do so pretty regularly).


>
> The problem is that the Chinese have enough manpower to
> write detectors for any protocol that is widely deployed,
>

It's worse than that, they also make heavy use of machine learning. So over
time the system realises that a lot of data seems to be going out over port
65532 (or whatever) to a specific subnet, so they start taking a much
closer look (and in some cases just start blocking/interfering
automatically)


> or they simply block IPs that they see widely in use for
> either kind of tunnels and suspect tor usage. Means,
> anything in common use by the tor browser will get blocked.
>
> The only exception is when the blocking would cause
> unacceptable collateral damage as with the meek bridges.
>
> DNS and ICMP particularly stand out.
>
> Andreas
>
> --
> "Totally trivial. Famous last words."
> From: Linus Torvalds 
> Date: Fri, 22 Jan 2010 07:29:21 -0800
>



-- 
Ben Tasker
https://www.bentasker.co.uk


Re: [tor-talk] Tor bridges over ICMP or DNS

2017-09-07 Thread Andreas Krey
On Thu, 07 Sep 2017 13:32:35 +, Roman Mamedov wrote:
> Hello,
> 
> Has anyone considered making a Tor bridge protocol with ICMP as transport?

Probably.

> Or tunneling over DNS?

Same. Basically, you just need any bridge and a means to tunnel ssh,
and then you can 'ssh -L port:bridgeip:bridgeport', and configure
tor to use the bridge at localhost:port. This will work as long
as not too many people do it.

The problem is that the Chinese have enough manpower to
write detectors for any protocol that is widely deployed,
or they simply block IPs that they see widely in use for
either kind of tunnels and suspect tor usage. Means,
anything in common use by the tor browser will get blocked.

The only exception is when the blocking would cause
unacceptable collateral damage as with the meek bridges.

DNS and ICMP particularly stand out.

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds 
Date: Fri, 22 Jan 2010 07:29:21 -0800


[tor-talk] [warn] assign_to_cpuworker failed. Ignoring.

2017-09-07 Thread Udo van den Heuvel
Hello,

This is not the first occurrence of this warning.
Even shortly after restarting it reappeared.
What does `[warn] assign_to_cpuworker failed. Ignoring.` mean?
Why does this happen?
How can we avoid it?

Kind regards,
Udo


Re: [tor-talk] Tor bridges over ICMP or DNS

2017-09-07 Thread Duncan
Hi,

Roman Mamedov:
> Hello,
> 
> Has anyone considered making a Tor bridge protocol with ICMP as transport?
> https://github.com/DhavalKapil/icmptunnel
> http://www.mit.edu/afs.new/sipb/user/golem/tmp/ptunnel-0.61.orig/web/
> http://thomer.com/icmptx/
> http://code.gerade.org/hans/
> 
> Or tunneling over DNS?
> http://code.kryo.se/iodine/
> http://thomer.com/howtos/nstx.html
> http://analogbit.com/2008/07/27/tcp-over-dns-tunnel-software-howto/
> 
> The current OBFS3/OBFS4 seem to have proven ineffective (as there is nearly
> zero Tor bridge use in China), so perhaps there needs to be something more
> stealthy.
> 

I just want to point out that the aim of bridges isn't necessarily to be
"stealthy" and hide traffic - that's really difficult.

In fact, the most successful pluggable transport in China happens to be
Meek on Azure, which works from the principle that it's difficult to
block extremely large content delivery networks (in this case,
Microsoft's Azure). This isn't stealthy in the slightest!

Best,
Duncan


Re: [tor-talk] Is there any societal use in Bitcoin?

2017-09-07 Thread Jon Tullett
On 7 September 2017 at 11:43, carlo von lynX wrote:
> On Tue, Sep 05, 2017 at 08:50:20AM +0200, Jon Tullett wrote:
>> > This is still an alpha release
>> > * Exchange implements the full Taler protocol, but does not integrate with 
>> > traditional banking systems
>> > * No integration with "real" banks, so only toy currencies are available 
>> > for now.
>> > * Documentation, testing, error handling and performance still need to be 
>> > improved.
>>
>> That has NOPE NOPE NOPE written all over it for me, I'm afraid. I'm
>
> When Linus first published his new kernel prototype, that too had
> NOPE NOPE NOPE written all over it for you?

Very much so. It was a toy back then, and Linus was upfront about
that. Remember "it won't be big and professional like GNU"?

From first announcement to me running production workloads of any sort
on Linux was about a decade. I'm sure the Taler guys are hoping to be
out of alpha somewhat faster than that :)

-J


Re: [tor-talk] Is there any societal use in Bitcoin?

2017-09-07 Thread carlo von lynX
On Tue, Sep 05, 2017 at 08:50:20AM +0200, Jon Tullett wrote:
> > This is still an alpha release
> > * Exchange implements the full Taler protocol, but does not integrate with 
> > traditional banking systems
> > * No integration with "real" banks, so only toy currencies are available 
> > for now.
> > * Documentation, testing, error handling and performance still need to be 
> > improved.
> 
> That has NOPE NOPE NOPE written all over it for me, I'm afraid. I'm

When Linus first published his new kernel prototype, that too had
NOPE NOPE NOPE written all over it for you?

> sure it's very clever, but until one of the release notes says "You
> can now safely transfer funds from one bank to another", I'll stick
> with established options (which include BTC, just not for spot forex
> xfers).

Of course taler as a taxable micropayment system only works if
it actually has any currency attached to it. The point is to
make it clear that the option exists and we merely need to
convince some banks and politicians to offer a societally
reasonable alternative to BTC by adopting this. You are
speaking as if these were unsurmountable hurdles and
politicians weren't human beings.  :)

On Tue, Sep 05, 2017 at 09:23:19AM -0700, Scott MacLeod wrote:
> World University and School (which is like Wikipedia in 295 languages with
> CC MIT OCW in 7 languages and CC Yale OYC) is taking an all ~200 countries'
> official languages' approach to developing blockchain / bitcoin ... but

Sounds like something so big it's unbelievable I never heard of it...

> planning too for health care data, for example, in the blockchain -
> http://scott-macleod.blogspot.com/2017/08/sustainability-universal-basic-income.html

Did you read my post and its doubts on the feasibility of non-statal UBI?

  "And an universal basic income emphasizing the >universal< of 7.5 billion 
people - coding and database-wise - and building on the block chain ledger / 
bit coin, with artificial intelligence and machine learning and machine 
translation, is an amazing coding, information technology, and helping 
opportunity (and hopefully all ~200 nation states will provide the financial 
resources for the UBI for all 7.5 billion people) ... (emerging from their tax 
IDs or social security number equivalents in each of all ~200-250 nation 
states, and possibly from people's drivers' licenses, and also connected with 
their smart phones ... and, conceivably, eventually even as part of their 
bodyminds with a chip or similar ... )."

This all doesn't sound exactly reassuring, but regarding the key
phrase "and hopefully all ~200 nation states will provide the
financial resources for the UBI" ...

1. why on Earth would they do so if UBI is still heavily disputed
2. why on Earth would they want to use a flaky anarchist currency
   if they can simply do a bank transfer or use any other type of
   efficient and scalable digital payment to each of their citizens?
3. when and where will you discuss that being able to finance a
   UBI actually implies dramatic changes to the taxation system
   and the economy of each of the ~200 nation states?

So, given that (1) and (3) are the actually difficult challenges
in this scenario, focusing on (2) as if it were a solution to the
other two appears quite... out of touch with realism.

Since you published your tor-talk post on your website, will you
also publish a link to the criticism that led you to write your
post and continue the discourse on your website by including these
new paragraphs of mine?

By the way, I have written several positive posts on the feasibility
of CUBI (cumulative unconditional basic income) on my.pages.de - but
they have nothing to do with blockchains since the State is
fundamental for making it work, therefore there is no gain in using
anti-statal distribution methods: you're not shaking off the
dependency on a functional governmental apparatus anyway.

But let us not end up in a UBI discussion which is highly OT for
tor-talk, and stick firmly on the question whether there are
ethical use cases of bitcoin which legitimize it threatening the
future of Tor and other civil rights networks, unjustly framed
as "darknets". So far I don't see any reason why Tor should
defend Bitcoin and risk collapsing politically under its weight.
Tor should be a civil rights network, not a criminality network.


-- 
  E-mail is public! Talk to me in private using encryption:
 http://loupsycedyglgamf.onion/LynX/
  irc://loupsycedyglgamf.onion:67/lynX
 https://psyced.org:34443/LynX/


[tor-talk] Tor bridges over ICMP or DNS

2017-09-07 Thread Roman Mamedov
Hello,

Has anyone considered making a Tor bridge protocol with ICMP as transport?
https://github.com/DhavalKapil/icmptunnel
http://www.mit.edu/afs.new/sipb/user/golem/tmp/ptunnel-0.61.orig/web/
http://thomer.com/icmptx/
http://code.gerade.org/hans/

Or tunneling over DNS?
http://code.kryo.se/iodine/
http://thomer.com/howtos/nstx.html
http://analogbit.com/2008/07/27/tcp-over-dns-tunnel-software-howto/

The current OBFS3/OBFS4 seem to have proven ineffective (as there is nearly
zero Tor bridge use in China), so perhaps there needs to be something more
stealthy.

-- 
With respect,
Roman