What's a github release?
I think you mean a commit which is tagged and I'm
pretty sure meejah tags release commits.
On Sun, Jul 01, 2018 at 04:09:26PM +0100, Iain Learmonth wrote:
> Hi meejah,
>
> On 30/06/18 06:11, meejah wrote:
> > Unfortunately there was a problem when parsing onion services
> can you let me know the start and end date of the scan (2018-03-12?) so I can
> check how many of
> the relays you scanned (the top 100 relays by cw? at the time)
that scan only took an hour or so to perform and I posted the e-mail
minutes after the scan, so you can refer to the date in the e
he consensus to see if a client IP has been blocked?
On Fri, Apr 27, 2018 at 09:12:59PM +, dawuud wrote:
>
> Greetings,
>
> (
> Meejah and I made txtorcon report the reason for circuit
> build failures here: https://github.com/meejah/txtorcon/pull/299
> My scanner now
here status = 'failure';" | sqlite3 scan1.db
| grep -vi timeout
DESTROYED, FINISHED
DESTROYED, FINISHED
DESTROYED, CHANNEL_CLOSED
DESTROYED, CHANNEL_CLOSED
DESTROYED, CHANNEL_CLOSED
DESTROYED, CHANNEL_CLOSED
I'm curious to try this scan at different times of day to see if resul
I did another scan, this time with 3 seconds between each circuit
build and set the max connections to 50 with similar results as
yesterday:
9354 failure
2 timeout
544 success
most of the circuit build failures happened in under a second:
echo "select (end_time - start_time) / 1000 as duration
> And where did you scan *from*?
> (It's hard to interpret the results without the latency and quality of your
> client connection.)
It turns out I am recording circuit build latency. It is unclear to
me exactly what you'd like me to do with this information however
here's a some silly queries:
> Other questions I'd want to investigate:
>
> (A) Are the failures consistent, or intermittent? That is, does a
> failed link always fail, or only sometimes?
Yes this is what our new testing methodology should support.
My current scanner is not sufficient. We want to improve it.
> (B) Are you
> How much worse?
During the Montreal tor dev meeting I counted 1947 circuit build failures.
https://lists.torproject.org/pipermail/tor-project/2017-October/001492.html
> And where did you scan *from*?
I scaned from a server in the Netherlands.
> (It's hard to interpret the results without the
Out of 9900 possible two hop tor circuits among the top 100 tor relays
only 935 circuit builds have succeeded. This is way worse than the last
time I sent a report 6 months ago during the Montreal tor dev meeting.
Here's the scanner I use:
https://github.com/david415/tor_partition_scanner
(I w
I agree with Alec. Don't block the existing tor2web stuff,
that would be very rude. Instead just do not implement any
kind of tor2web for v3 onion services so that tor2web will
gradually fade as we migrate.
> *although speaking as a geek I believe that re-engineering T2W to
> support SSL via SNI-
That sounds terrabad. Can we finally set fire to tor2web? It was
never a good idea.
On Sat, Oct 14, 2017 at 10:45:18AM -0400, Philipp Winter wrote:
> On Tue, Oct 03, 2017 at 08:25:15PM -0400, Philipp Winter wrote:
> > - Many respondents were not aware of search engines such as ahmia.fi.
> > A
> I'm not presenting a scientific paper. Its an actual method that works.
You must learn how to articulate the idea without muddling it with all kinds
of other irrelevant stuff. Nobody mentioned scientific papers. Are you saying
that you don't read papers describing attacks on Tor? They are real
hella old news. oh look here's POC for end to end correlation
https://var.thejh.net/git/?p=detour.git;a=blob;f=README
but why bother chatting about this since it's explicitly not
in Tor's threat model to protect against a global passive adversary?
if you want to protect against that then look int
Dear Mike Guidry,
My reply here is snarky but I just cannot help it. Please consider me
a friend that is snarky rather than an enemy or an asshole.
I am finding it very hard to read. It is *extremely* annoying that you
present your definition of "hacking" at the beginning and then go on to
defi
Are you trolling us? I don't get it!
On Sun, Apr 09, 2017 at 08:19:28PM -0400, Mike Guidry wrote:
> Hello,
>
> Here is a document I've wrote regarding a concept to trace connections even
> through TOR. If you have any questions feel free to respond, and I'll
> attempt to explain. I have also
> Yes, that is necessary. I question, however, whether it is sufficient.
Sufficient for what purpose?
It *is* sufficient for the purpose of preventing Subgraph sandboxed
applications from escaping it's sandbox via the Tor control
port. Actually, one of the Subgraph guys figured this out and tha
It's worth noting that controllers able to run SETCONF can ask the tor
process to execute arbitrary programs:
man torrc | grep exec
So if you want a controller to have any less privileges than the tor
daemon does, you need a control port filter for SETCONF at the very
least.
Without a cont
2017 at 12:03:44AM +, Felipe Dau wrote:
> On Tue, Mar 28, 2017 at 11:08:29PM +, dawuud wrote:
> >
> >
> > I suggest making sure your UI follows the pricinples outlined here:
> >
> > User Interaction Design for Secure Systems
> > http://zesty.ca/
Dear Damian Johnson,
i presume you are the one i should be sending this e-mail to.
i can be the mentor for this unmessage project.
~david
signature.asc
Description: PGP signature
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.to
I suggest making sure your UI follows the pricinples outlined here:
User Interaction Design for Secure Systems
http://zesty.ca/pubs/icics-2002-uidss.pdf
by Ka-Ping Yee
for example:
"Path of Least Resistance. The most natural way to do any task should
also be the most secure way."
Does your
Hey,
Cool project.
Yes... write unit tests with pytest. Sounds good but I would
suggest writing tests earlier in the development process next time.
Does your project have a specification for this software?
Otherwise I have to read the code to learn how it works.
Using automat for the fsm sound
Hi. I'd like to announce txmix, a library for writing mixnets in python.
https://github.com/applied-mixnetworks/txmix
txmix is GPL3 licensed and currently depends on:
sphinxmixcrypto, Twisted, txtorcon, attrs, eliot
and Tor Project's chutney (for integration tests).
txmix allows you to write mi
immediately accessible over IPv6.
> It's not perfect in terms of network protocol encapsulation but it's "good
> enough". https://en.wikipedia.org/wiki/Perfect_is_the_enemy_of_good :)
>
> Razvan
>
> On Thu, Sep 29, 2016 at 2:23 AM, grarpamp wrote:
>
> >
OK I'm replying inline;
> https://www.reddit.com/r/TOR/comments/54rpil/dht_syncthing_bitsync_over_tor/
>
> Hi we would like to integrate DHT Bittorrent Syncing over Tor for our
> open source encrypted obfuscated media rich notepad app.
Why Bittorrent?
It's fun to think about using various comp
Hello,
Certainly OnionVpn could be made to work with the new prop224 onion
services using some interesting properties of ed25519 to compose
private subnets protected by a single ed25519 master key communicated
out of band. But actually onionvpn and onioncat are an ugly hack
and sending arbitrary
scrypt is a key derivation function... the other is not. why compare them?
they are both good for different things, are they not?
here lemme google that for you
https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
https://en.wikipedia.org/wiki/Key_derivation_function
On Fri, Sep
> Under the old method I required the user to set up the hidden/onion
> service by adding a line to their torrc. That's not necessary if I used
> ADD_ONION. In both methods I still need them to enable the control port
right. it shouldn't be necessary at all to modify the torrc... for most
featur
On Thu, Sep 08, 2016 at 07:16:26PM -0400, Jesse V wrote:
> Well, this certainly triggered more conversation than I was expecting. I
> was simply wondering if there was such a method call, and apparently
> there isn't. That's okay.
>
> I thought about this and decided to go with Yawning's suggestio
Dear Liste, concerned Tor relay operators, TCP abolitionists and so called
network forensics experts,
We already have several tools that can detect various types of TCP injection
attacks; for instance:
https://github.com/david415/HoneyBadger
For fun I'll write some TCP inference exploits as
hi,
ROFLCopTor aims to be an exhaustive Tor control port filter daemon written in
golang.
https://github.com/subgraph/roflcoptor
maintainer: David Stainton
The Tor control port exposes powerful functionality, much more authority than
most applications need when they talk to the Tor control p
Hi.
My general feeling here is that it's more useful for me to tell you how I think
people should share files than it would be for me to answer your questions;
sorry, not sorry.
Alice and Bob can share lots of files and they can do so with their Tor onion
services.
They should be able to excha
31 matches
Mail list logo