logs archiveIRC Archive / Oftc / #tor / 2010 / January / 29 / 1
mikeperry
3
doh
nsa
or: phobos committed revision 21515 (/website/trunk/fr): fix an a href.
or: phobos committed revision 21516 (/website/trunk/fr): fix a miscapitalized Vidalia.
or: phobos committed revision 21517 (/projects/todo): update tasklist with current state.
spartacus
mikeperry: you here?
mikeperry
spartacus: aye
spartacus
So I had an issue with a torbutton error report
whcih is to say, I had no Fing clue what it meant
do you have a couple of minutes to discuss?
mikeperry
yeah. a little distracted, but here.
spartacus
ok
It's the one that says "Torbutton blocked changed-state history manipulation. This is to work around af
irefox security bug.
Hit enter in the location box or opena new window or tab instead.
"
I have a couple of issues: I don't understand it (and there's no way to dig deeper) and second, I don't know how to decide if I want to hit enter, open a new window, or panic
can you tell me what's happening, and I may be able to suggest some better language?
mikeperry
ah, ok
so basically, page javascript can access your navigation buttons for you
keb
how convenient
         

spartacus
of course it can!
mikeperry
ie make the browser reload a page, or go back or forward an arbitrary number of times
also, when you ask firefox to disable javascript for a page, it doesn't do it right
and there is no way for torbutton to differentiate when page javascript asks to reload a page or when the user asks to reload a page
spartacus
Maybe "Torbutton is blocking javascript's ability to access your history. This protects your privacy & works around a FF security bug."?
mikeperry
so torbutton blocks everything
spartacus
ok, got it from what you said, but not from the dialog.
mikeperry
and the only way to really reload a page is to hit enter
well we need to tell the user what they can do instead of hitting reload
spartacus
so usually I see this with an empty FF page (I think)
mikeperry
really?
it should only happen when you hit back/forward or reload
after toggling tor
spartacus
ok
I can try to capture the circumstance better
mikeperry
on a page was that was loaded in another tor state
spartacus
Can I suggest that next time you do an update, you include a link to more info?
mikeperry
hrmm, possibly
I'd like to find a way to convey it in a simple statement
but there is a firefox bug I could link to
spartacus
I'm with you, but this seems complex. :(
keb
people dont read more than one sentence error messages
mikeperry
its listed in https://www.torproject.org/torbutton/design/#FirefoxBugs
the javascript one
spartacus
also, I think that I'd be less confused if you gave me one option, not three.
mikeperry
true
spartacus
that page would be easier to find if you included the exact text of the dialog in the page
or even a link to it
Because I have no way to figure out I should go there from the dialog. If I right click torbutton, it doesn't give me a n easy way to find that
mikeperry
ok
spartacus
cool.
         

mikeperry
should I link the bug do you think?
or should I link the design document?
or should I just make the suggestion more concise and explicit
spartacus
#3 is ideal
mikeperry
the bug and the design document probably won't be helpful for normal users
yah
spartacus
how about..
You should see this while a page is reloading. For complex reasons, you should simply hit enter in the awesome URL bar.
+See (link) for details. You can get to (link) by rightclicking on Torbutton
keb
that would mean torbutton has to remember the last few error conditions
spartacus
really?
phobos
"OMG HAX, Open a new tab now!"
keb
what if the user has 20 tabs open
spartacus
thats m normal state! :)
oh!
You know what's likely happening?
keb
and the popup modal window refers to a tab that is not the current one
spartacus
Some stupid page is meta-refreshing and that's generating this
mikeperry
oh wow
yeah
not meta-refresh
those are blocked another way
some page is trying to own you :)
spartacus
That's likely, given where I browse but...
mikeperry
torbutton is doing its job
hrmm that's even more compex
because the user will have no idea what tab is doing the javascript reload
spartacus
I bet you can't see what page is triggering the behavior
mikeperry
and the firefox apis don't make it easy to find out
the firefox apis are *horrible* about providing context
I hope chrome does a better job
spartacus
unfortunately, I'm expecting that to be unlikely
mikeperry
chrome is doing a good job so far with their extension system
spartacus
really? Cool!
mikeperry
they have learned a lot from firefox's mistakes
its still not full fledged enough to write a torbutton for though
keb
so js on some page is trying to go back or forward. what about completely disallow those actions, but tell the user about the back button
mikeperry
spartacus: so given that this can happen via either a background reload or user action, what should the message say?
try toggling tor and hitting reload on a page to see what the most common use case would be
keb
yeah it does nothing
spartacus
Pri 1: Give me a clear action to take. Currently, I'm confused, and confusion leads to scared. I think that leads to "If you have a suddenly blank page, hit reload, otherwise don't worry."
keb
er rather it pops up that warnign dialog
spartacus
Pri 2: Give the subset of users who are interested a way to dig in that *includes the message* that causes them to dig
Because if you hadn't told me that the page you linked answers my question and I was just skimming, I don't know that I'd have seen that as the explaination
keb
can you disable the reload button on a state change?
so the user doesnt try it
spartacus
disable reload on all my pages?
That's going to come across as an extreme solution
mikeperry
I'd rather have a popup with an alternative
keb
well why would you ever want to reload the same page in tor and not tor
doesnt that give away the connection between the two sessions
mikeperry
the problem is I don't know at the time of the alert if it was the user or if it was the page that cause the problem
that's why the message is so cryptic
about "changed-state history manipulation
spartacus
keb: because too many pages on the internet auto-reload themselves?
keb
argh, they should ban javascript
spartacus
and unfortunately, the user perception becomes "tor is breaking things."
mikeperry
keb: also because some people change their minds about being in tor mode
keb
oic
mikeperry
I've watched novice users forget they are in tor and change their minds
when accessing their banks, etc
keb
i've done that hehe
spartacus
mikeperry: P3 feedback--I often hit torbutton repeatedly because it takes a while to change
keb
isnt it safer to start over, rather than leak the cross-state session
spartacus
maybe a "connecting" state would be helpful to avoid that?
keb: Only if the user groks
mikeperry
yeah, koryk was going to add an intermediate state color, but didn't have time for it
spartacus
okey
glad to hear you're thinking about it
keb
what if torbutton had an additional role, to teach them safe browsing. they have tor because they want to be anonymous after all
mikeperry
unfortunately my time is overwhelmingly alloted towards making the performance of the tor network not be quite so terrible. polishing torbutton is not really a high priority right now. basically the only effort I have put into it is "make sure its still functional, safe, private, and secure with each new firefox release"
keb
even that is a lot of work
spartacus
ok. Can I sell you on a bug to track doing something about this sometime?
mikeperry
spartacus: absolutely
this message has been bothering me for a while
I just haven't been sure about what to do about it
I've watched people puzzle over it when first using tor
this bug would have high priority, esp if a replacement message is suggested
it would be put in the next release
spartacus
let me mull on what the ideal re-write might look like
keb
even if there is only one tab open, the problem will occur on other browsers
spartacus
So?
keb
it is worth solving right :)
spartacus
How many browsers does torbutton run on today?
keb
1
spartacus
I expect Mike looks forward to your patches. :)
keb
he
h
spartacus
Maybe BenL or someone else can take feedback on what features are needed for Chrome
but, really, there's going to be soo many wierd browsser deps that I'm not sure there's any cross-browser lessons here.
and besides, spartacus needs food, badly.
keb
i wonder how many problems would be solved vs created if there are no state changes allowed at all. you start with torbutton or you start without torbutton, in separate profiles.
mikeperry
spartacus: https://groups.google.com/group/chromium-extensions/browse_thread/thread/ceba26ca9e2f6a78?hl=en
that's the thread where I suggest chrome apis
robert hogan is working on them I blieve
keb
call it anonymity bracer or something instead of a button
mikeperry
though I've been slacking on helping review his patches
the chrome incognito mode is actually the better model for this stuff
totally separate window that looks different from the others that is for your private browsing
no toggling and state+javascript isolation issues, no confusing which window and tab was used for what
they're doing it right as far as usability
they just have a ways to go on the rigorousness of their private browsing mode
spartacus
ggrrbrereramgngg bug tracker should not fu*king override emacs editing commands.
man!
when it says "go back" it shouldn't F'ING Clear my bug entry. grumble more.
/venting
thanks for your help, mike!
mikeperry
yeah, flyspray really sucks
Sensiva
Hello all, Is there a way to change my Tor path manually?
nsa
or: Juliusz Chroboczek <jch@pps.jussieu.fr>: 2010-01-29 00:28:33 [polipo/master]: Update CHANGES.
or: Juliusz Chroboczek <jch@pps.jussieu.fr>: 2010-01-29 00:28:32 [polipo/master]: Document the new value of diskCacheWriteoutOnClose.
or: Juliusz Chroboczek <jch@pps.jussieu.fr>: 2010-01-29 00:18:01 [polipo/master]: Remove support for non-writable disk cache entries.
or: Juliusz Chroboczek <jch@pps.jussieu.fr>: 2010-01-29 00:28:31 [polipo/master]: Change the default value of diskCacheWriteoutOnClose to 64kB.
Tas
The Vidalia package for PPC from www.torproject.org/dist/testing works fine on OS X 10.5.8 PPC :-)
embernet
so anyone here smoke weed?
nsa
or: Juliusz Chroboczek <jch@pps.jussieu.fr>: 2010-01-29 07:15:15 [polipo/master]: Don't copy URLs before passing them to the regex matcher.
or: pootle committed revision 21518 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user runa. 80 of 80 messages translated (0 fuzzy).
Kittopaul
Hi all i am using tor and i am wondering how do i manually add a relay for tor to connect to because that is the only way i can bypass my firewall here in SA
nsa
or: pootle committed revision 21519 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user runa. 217 of 217 messages translated (0 fuzzy).
Kittopaul
?
misc
use a bridge ?
Runa
Kittopaul: http://www.torproject.org/bridges
that should help you bypass the firewall
Kittopaul
but my bridge must be a hostname and vidalia only allows ip addresses and my firewall network firewall does not want to allow ip addresses to go through only hostnames
Runa
Kittopaul: you don't have to set up a bridge, only tell vidalia to use a bridge
Kittopaul
when i convert ip bridges to hostnames and add it then in tor then vidalia does not accept it
Runa
have you tried to use just the ip?
Kittopaul
yes but my firewall only allows hostnames to go through
Runa
sounds strange, and I can't say I know of ways to get around that bit :o
Kittopaul
I use my mobile phone to connect to the internet and my network server provider has this free site called im.mtn.co.za and we use it to browse free the internet for example we need to use im.mtn.co.za.www.google.com to access google but im am wondering how can i use it with tor
Runa
Kittopaul: you have a laptop that connects to the internet via your phone, right?
Kittopaul
no a pc, i use the usb cable to connect my phone to it
Runa
ok, got it :)
Kittopaul
i currently use Your-Freedom to use Mirc
Sebastian
Kittopaul: Sorry, no luck. That is currently an effective way to ban Tor.
BenL
spartacus: I can certainly take feedback for chrome
Sebastian
ln5: hey
rorele
hi
is there some way to use tor with yahoo messenger
127.0.0.1 9050?
Runa
rorele: http://libyanit.blogspot.com/2007/01/annoymous-surfing.html -- that page says something about Tor with Yahoo Messenger. I haven't tested it myself, though.
rorele
im tired of my fu*king ISP fu*king around with everything
i wonder if torrify yahoo is going ti be really slow
ok so localhost: 8118
ok thx
ok which one should i download
Tor Browser Bundle for Windows
(Contains Tor, Vidalia, Torbutton, Polipo, and Firefox) ?
« prev 1 2 3 next »