Re: [tor-talk] Tor bridges over ICMP or DNS
On Thu, 07 Sep 2017 21:47:24 +, Ben Tasker wrote: ... > > Same. Basically, you just need any bridge and a means to tunnel ssh, > > and the you can 'ssh -L port:bridgeip:bridgeport', and configure > > tor to use the bridge at localhost:port. This will work as long > > as not too many people do it. > > > > In principle, yes. In practice, not so much. SSH to and from China can be > an absolute pain even for low traffic levels (like, for example, a standard > SSH session). There is no plain ssh session on the net here - it is encapsulated in DNS or ICMP, and supposedly the tunneling does its own flow control (as in (self-plug) https://github.com/apk/udpmob). > Sometimes it's might be deliberate interference, but most of > the time it's a case of combining the headaches of TCP-over-TCP There is no TCP-over-TCP here, not even TCP. (And no VPN.) The connection to the bridge is port-forwarded in an SSH session which in turn is tunneled via UDP/DNS/ICMP. > Things like sshuttle (https://github.com/apenwarr/sshuttle) The readme fails to say what it actually does. :-) - Andreas -- "Totally trivial. Famous last words." From: Linus TorvaldsDate: Fri, 22 Jan 2010 07:29:21 -0800 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Is there any societal use in Bitcoin?
Carlo, Thanks ... let's see how bitcoin in combination with the blockchain ledger for health care and possible resource distribution develops ... and potentially country by country, nation state by nation state, language by language and legal system by legal system ... Scott On Thu, Sep 7, 2017 at 2:43 AM, carlo von lynXwrote: > On Tue, Sep 05, 2017 at 08:50:20AM +0200, Jon Tullett wrote: > > > This is still an alpha release > > > * Exchange implements the full Taler protocol, but does not integrate > with traditional banking systems > > > * No integration with "real" banks, so only toy currencies are > available for now. > > > * Documentation, testing, error handling and performance still need to > be improved. > > > > That has NOPE NOPE NOPE written all over it for me, I'm afraid. I'm > > When Linus first published his new kernel prototype, that too had > NOPE NOPE NOPE written all over it for you? > > > sure it's very clever, but until one of the release notes says "You > > can now safely transfer funds from one bank to another", I'll stick > > with established options (which include BTC, just not for spot forex > > xfers). > > Of course taler as a taxable micropayment system only works if > it actually has any currency attached to it. The point is to > make it clear that the option exists and we merely need to > convince some banks and politicians to offer a societally > reasonable alternative to BTC by adopting this. You are > speaking as if these were unsurmountable hurdles and > politicians weren't human beings. :) > > On Tue, Sep 05, 2017 at 09:23:19AM -0700, Scott MacLeod wrote: > > World University and School (which is like Wikipedia in 295 languages > with > > CC MIT OCW in 7 languages and CC Yale OYC) is taking an all ~200 > countries' > > official languages' approach to developing blockchain / bitcoin ... but > > Sounds like something so big it's unbelievable I never heard of it... > > > planning too for health care data, for example, in the blockchain - > > http://scott-macleod.blogspot.com/2017/08/sustainability- > universal-basic-income.html > > Did you read my post and its doubts on the feasability of non-statal UBI? > > "And an universal basic income emphasizing the >universal< of 7.5 > billion people - coding and database-wise - and building on the block chain > ledger / bit coin, with artificial intelligence and machine learning and > machine translation, is an amazing coding, information technology, and > helping opportunity (and hopefully all ~200 nation states will provide the > financial resources for the UBI for all 7.5 billion people) ... (emerging > from their tax IDs or social security number equivalents in each of all > ~200-250 nation states, and possibly from people's drivers' licenses, and > also connected with their smart phones ... and, conceivably, eventually > even as part of their bodyminds with a chip or similar ... )." > > This all doesn't sound exactly reassuring, but regarding the key > phrase "and hopefully all ~200 nation states will provide the > financial resources for the UBI" ... > > 1. why on Earth would they do so if UBI is still heavily disputed > 2. why on Earth would they want to use a flaky anarchist currency >if they can simply do a bank transfer or use any other type of >efficient and scalable digital payment to each of their citizen? > 3. when and where will you discuss that being able to finance a >UBI actually implies dramatic changes to the taxation system >and the economy of each of the ~200 nation states? > > So, given that (1) and (3) are the actually difficult challenges > in this scenario, focusing on (2) as if it were a solution to the > other two appears quite... out of touch with realism. > > Since you published your tor-talk post on your website, will you > also publish a link to the criticism that led you to write your > post and continue the discourse on your website by including these > new paragraphs of mine? > > By the way, I have written several positive posts on the feasibility > of CUBI (cumulative unconditional basic income) on my.pages.de - but > they have nothing to do with blockchains since the State is funda- > mental for making it work, therefore there is no gain in using > anti-statal distribution methods: you're not shaking off the > dependency on a functional governmental apparatus anyway. > > But let us not end up in a UBI discussion which is highly OT for > tor-talk, and stick firmly on the question whether there are > ethical use cases of bitcoin which legitimize it threatening the > future of Tor and other civil rights networks, unjustly framed > as "darknets". So far I don't see any reason why Tor should > defend Bitcoin and risk collapsing politically under its weight. > Tor should be a civil rights network, not a criminality network. > > > -- > E-mail is public! Talk to me in private using encryption: > http://loupsycedyglgamf.onion/LynX/ >
[tor-talk] Help us build Tails 3.2~alpha1 build reproducibly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Tails and Tor contributors, dear Reproducible Builds community, We have sent out a first call [1] for testing to build Tails 3.1 reproducibly and we have received some build reports. Thank you very much for your help! We have since then tried to fix most of the identified issues [2] in Tails 3.2~alpha1, and thus we'd kindly like to ask you to try to build the new ISO image again, or even for the first time. Please don't hesitate to contact us if you get stuck at some point in the process, for example by connecting to our chatroom [3]! You can also send us email to tails-dev at boum.org (public) or tails at boum.org (private). Note that Tails 3.2~alpha1 is *not* recommended for real usage, since it has not gone through *any* QA. Please use Tails 3.1 instead until Tails 3.2 is released! # How? For your convenience all instructions needed to attempt to reproduce Tails 3.2~alpha1 are included hereafter. However all commands are adapted for Debian Stretch (and Buster/Sid), so your results may vary if you run another Linux distribution. Our full build instructions [4] might help if you are having problems. ## Setup the build environment Building Tails requires the KVM virtual machine hypervisor to be available, a minimum of 1 GiB of free RAM and a maximum of 20 GB of free storage. ### Install dependencies sudo apt-get install \ git \ rake \ libvirt-daemon-system \ dnsmasq-base \ ebtables \ qemu-system-x86 \ qemu-utils \ vagrant \ vagrant-libvirt \ vmdebootstrap && \ sudo systemctl restart libvirtd ### If building as a non-root user (Skip this section if you intend to build Tails as the root user!) Make sure that the user that is supposed to initiate the build is part of the relevant groups: for group in kvm libvirt libvirt-qemu; do sudo adduser $user $group; done Then run `newgrp` (or just reboot) to apply the new group memberships to the session. ## Build Tails 3.2~alpha1 git clone https://git-tails.immerda.ch/tails cd tails git checkout 3.2~alpha1 git submodule update --init rake build # Send us feedback! No matter how your build attempt turned out we are interested in you sending us feedback. For that we'll first need some information of the system you used -- please run these commands in the exact same terminal session that you ran `rake build` in (e.g. run them right after `rake build`)! sudo apt install apt-show-versions || : ( for f in /etc/issue /proc/cpuinfo do echo "--- File: ${f} ---" cat "${f}" echo done for c in free locale env 'uname -a' '/usr/sbin/libvirtd --version' \ 'qemu-system-x86_64 --version' 'vagrant --version' do echo "--- Command: ${c} ---" eval "${c}" echo done if which apt-show-versions >/dev/null then echo '--- APT package versions ---' apt-show-versions qemu:amd64 linux-image-amd64:amd64 vagrant \ libvirt0:amd64 fi ) | bzip2 > system-info.txt.bz2 Please have a look at the generated file with bzless system-info.txt.bz2 to make sure it doesn't contain any sensitive information you do not want to leak in case you send this file to us or make it public! Next, please follow the instructions below that match your situation! ## If the build failed. Please open a ticket on our bug tracker [5] with "Category" set to "Build system" and `system-info.txt.bz2` attached (note that this makes this file public). ## If the build succeeded ... Please compute the SHA-512 checksum of the resulting ISO image: sha512sum tails-amd64-3.2~alpha1.iso and compare it to: 1c928336264fc44821562f2fffbda4da97dcdc38072fce58f55b749fde04ac60055273cfc021b6c57120c5d276980859ffa3a5b0bd0f9c98851f34b682a09b02 tails-amd64-3.2~alpha1.iso Bonus points if you verify the signed (with: [8]) message containing the checksum below (note that manually inserted line-wraps marked with "`\`"). If you run Tails, the verification is very easy! :) [9] - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 $ sha512sum tails-amd64-3.2~alpha1.iso 1c928336264fc44821562f2fffbda4da97dcdc38072fce58f55b749f \ de04ac60055273cfc021b6c57120c5d276980859ffa3a5b0bd0f9c98 \ 851f34b682a09b02 tails-amd64-3.2~alpha1.iso - -BEGIN PGP SIGNATURE- iQJDBAEBCgAtFiEEuiwiL0SsAO2YmTiTmP7GvHUqPbYFAlmxqwAPHHRhaWxzQGJv dW0ub3JnAAoJEJj+xrx1Kj22RgAP/0auINj6Y5svR7DfeRF8HxPdnd2Rw/8VIiaM isN3eQoAmNGUtEe50b9VXY+UidCdWtApbZbyZPKFz9ITJOxp0XeSGS8K2+Y0PZIx NSIEYCx2LEWlzY96ivH2B4pboeq2TIzj/VkPLISYGc80CYRT32OzMRkDDcQn+3+Y 2dkGVf1HPvreZ7c7cUfozay4TNPhKrn2p5IZp1jHgpiq8aAYIv5jcubR//lm1W3S Ol/IpTQrxzCShJHzsCh1l6/7zLSx5Dv8ITTEIHTj2OTCsZdAcFnznB4byaHVfVQ0 jSogb+b2J6skNhlsHtX2Jo9xK6Ni9NKsCzYYQ2KgWufC93Cvpmh5J164CqkI/DEd ixe/KbFURP9sTzEL38ExS2DVbMvFvYTmmBmWzvU3USMo0nWfaErye2RIs4yB2pM6
Re: [tor-talk] Tor bridges over ICMP or DNS
On Thu, Sep 7, 2017 at 7:48 PM, Andreas Kreywrote: > On Thu, 07 Sep 2017 13:32:35 +, Roman Mamedov wrote: > > Hello, > > > > Has anyone considered making a Tor bridge protocol with ICMP as > transport? > > Probably. > > > Or tunneling over DNS? > > Same. Basically, you just need any bridge and a means to tunnel ssh, > and the you can 'ssh -L port:bridgeip:bridgeport', and configure > tor to use the bridge at localhost:port. This will work as long > as not too many people do it. > In principle, yes. In practice, not so much. SSH to and from China can be an absolute pain even for low traffic levels (like, for example, a standard SSH session). Sometimes it's might be deliberate interference, but most of the time it's a case of combining the headaches of TCP-over-TCP with a massively busy (and underpowered for the traffic) system like the GFW. Things like sshuttle (https://github.com/apenwarr/sshuttle) help a bit (as it addresses the TCP-over-TCP limitations) but it's still pretty bad transiting the GFW (I do so pretty regularly). > > The problem is that the chinese have enough manpower to > write detectors for any protocol that is widely deployed, > It's worse than that, they also make heavy use of machine learning. So over time the system realises that a lot of data seems to be going out over port 65532 (or whatever) to a specific subnet, so they start taking a much closer look (and in some cases just start blocking/interfering automatically) > or they simply block IPs that they see widely in use for > either kind of tunnels and suspect tor usage. Means, > anything in common use by the tor browser will get blocked. > > The only exception is when the blocking would cause > unacceptable collateral damage as with the meek bridges. > > DNS and ICMP particularly stand out. > > Andreas > > -- > "Totally trivial. Famous last words." > From: Linus Torvalds > Date: Fri, 22 Jan 2010 07:29:21 -0800 > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- Ben Tasker https://www.bentasker.co.uk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor bridges over ICMP or DNS
On Thu, 07 Sep 2017 13:32:35 +, Roman Mamedov wrote: > Hello, > > Has anyone considered making a Tor bridge protocol with ICMP as transport? Probably. > Or tunneling over DNS? Same. Basically, you just need any bridge and a means to tunnel ssh, and the you can 'ssh -L port:bridgeip:bridgeport', and configure tor to use the bridge at localhost:port. This will work as long as not too many people do it. The problem is that the chinese have enough manpower to write detectors for any protocol that is widely deployed, or they simply block IPs that they see widely in use for either kind of tunnels and suspect tor usage. Means, anything in common use by the tor browser will get blocked. The only exception is when the blocking would cause unacceptable collateral damage as with the meek bridges. DNS and ICMP particularly stand out. Andreas -- "Totally trivial. Famous last words." From: Linus TorvaldsDate: Fri, 22 Jan 2010 07:29:21 -0800 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] [warn] assign_to_cpuworker failed. Ignoring.
Hello, This is not the first occurrence of this warning. Even shortly after restarting it reappeared. What does `[warn] assign_to_cpuworker failed. Ignoring.` mean? Why does this happen? How can we avoid it? Kind regards, Udo -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor bridges over ICMP or DNS
Hi, Roman Mamedov: > Hello, > > Has anyone considered making a Tor bridge protocol with ICMP as transport? > https://github.com/DhavalKapil/icmptunnel > http://www.mit.edu/afs.new/sipb/user/golem/tmp/ptunnel-0.61.orig/web/ > http://thomer.com/icmptx/ > http://code.gerade.org/hans/ > > Or tunneling over DNS? > http://code.kryo.se/iodine/ > http://thomer.com/howtos/nstx.html > http://analogbit.com/2008/07/27/tcp-over-dns-tunnel-software-howto/ > > The current OBFS3/OBFS4 seem to have proven ineffective (as there is nearly > zero Tor bridge use in China), so perhaps there needs to be something more > stealthy. > I just want to point out that the aim of bridges isn't necessarily to be "stealthy" and hide traffic - that's really difficult. In fact, the most successful pluggable transport in China happens to be Meek on Azure, which works from the principle that it's difficult to block extremely large content delivery networks (in this case, Microsoft's Azure). This isn't stealthy in the slightest! Best, Duncan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Is there any societal use in Bitcoin?
On 7 September 2017 at 11:43, carlo von lynXwrote: > On Tue, Sep 05, 2017 at 08:50:20AM +0200, Jon Tullett wrote: >> > This is still an alpha release >> > * Exchange implements the full Taler protocol, but does not integrate with >> > traditional banking systems >> > * No integration with "real" banks, so only toy currencies are available >> > for now. >> > * Documentation, testing, error handling and performance still need to be >> > improved. >> >> That has NOPE NOPE NOPE written all over it for me, I'm afraid. I'm > > When Linus first published his new kernel prototype, that too had > NOPE NOPE NOPE written all over it for you? Very much so. It was a toy back then, and Linus was upfront about that. Remember "it won't be big and professional like GNU"? From first announcement to me running production workloads of any sort on Linux was about a decade. I'm sure the Taler guys are hoping to be out of alpha somewhat faster than that :) -J -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Is there any societal use in Bitcoin?
On Tue, Sep 05, 2017 at 08:50:20AM +0200, Jon Tullett wrote: > > This is still an alpha release > > * Exchange implements the full Taler protocol, but does not integrate with > > traditional banking systems > > * No integration with "real" banks, so only toy currencies are available > > for now. > > * Documentation, testing, error handling and performance still need to be > > improved. > > That has NOPE NOPE NOPE written all over it for me, I'm afraid. I'm When Linus first published his new kernel prototype, that too had NOPE NOPE NOPE written all over it for you? > sure it's very clever, but until one of the release notes says "You > can now safely transfer funds from one bank to another", I'll stick > with established options (which include BTC, just not for spot forex > xfers). Of course taler as a taxable micropayment system only works if it actually has any currency attached to it. The point is to make it clear that the option exists and we merely need to convince some banks and politicians to offer a societally reasonable alternative to BTC by adopting this. You are speaking as if these were unsurmountable hurdles and politicians weren't human beings. :) On Tue, Sep 05, 2017 at 09:23:19AM -0700, Scott MacLeod wrote: > World University and School (which is like Wikipedia in 295 languages with > CC MIT OCW in 7 languages and CC Yale OYC) is taking an all ~200 countries' > official languages' approach to developing blockchain / bitcoin ... but Sounds like something so big it's unbelievable I never heard of it... > planning too for health care data, for example, in the blockchain - > http://scott-macleod.blogspot.com/2017/08/sustainability-universal-basic-income.html Did you read my post and its doubts on the feasability of non-statal UBI? "And an universal basic income emphasizing the >universal< of 7.5 billion people - coding and database-wise - and building on the block chain ledger / bit coin, with artificial intelligence and machine learning and machine translation, is an amazing coding, information technology, and helping opportunity (and hopefully all ~200 nation states will provide the financial resources for the UBI for all 7.5 billion people) ... (emerging from their tax IDs or social security number equivalents in each of all ~200-250 nation states, and possibly from people's drivers' licenses, and also connected with their smart phones ... and, conceivably, eventually even as part of their bodyminds with a chip or similar ... )." This all doesn't sound exactly reassuring, but regarding the key phrase "and hopefully all ~200 nation states will provide the financial resources for the UBI" ... 1. why on Earth would they do so if UBI is still heavily disputed 2. why on Earth would they want to use a flaky anarchist currency if they can simply do a bank transfer or use any other type of efficient and scalable digital payment to each of their citizen? 3. when and where will you discuss that being able to finance a UBI actually implies dramatic changes to the taxation system and the economy of each of the ~200 nation states? So, given that (1) and (3) are the actually difficult challenges in this scenario, focusing on (2) as if it were a solution to the other two appears quite... out of touch with realism. Since you published your tor-talk post on your website, will you also publish a link to the criticism that led you to write your post and continue the discourse on your website by including these new paragraphs of mine? By the way, I have written several positive posts on the feasibility of CUBI (cumulative unconditional basic income) on my.pages.de - but they have nothing to do with blockchains since the State is funda- mental for making it work, therefore there is no gain in using anti-statal distribution methods: you're not shaking off the dependency on a functional governmental apparatus anyway. But let us not end up in a UBI discussion which is highly OT for tor-talk, and stick firmly on the question whether there are ethical use cases of bitcoin which legitimize it threatening the future of Tor and other civil rights networks, unjustly framed as "darknets". So far I don't see any reason why Tor should defend Bitcoin and risk collapsing politically under its weight. Tor should be a civil rights network, not a criminality network. -- E-mail is public! Talk to me in private using encryption: http://loupsycedyglgamf.onion/LynX/ irc://loupsycedyglgamf.onion:67/lynX https://psyced.org:34443/LynX/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor bridges over ICMP or DNS
Hello, Has anyone considered making a Tor bridge protocol with ICMP as transport? https://github.com/DhavalKapil/icmptunnel http://www.mit.edu/afs.new/sipb/user/golem/tmp/ptunnel-0.61.orig/web/ http://thomer.com/icmptx/ http://code.gerade.org/hans/ Or tunneling over DNS? http://code.kryo.se/iodine/ http://thomer.com/howtos/nstx.html http://analogbit.com/2008/07/27/tcp-over-dns-tunnel-software-howto/ The current OBFS3/OBFS4 seem to have proven ineffective (as there is nearly zero Tor bridge use in China), so perhaps there needs to be something more stealthy. -- With respect, Roman -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk