logs archiveIRC Archive / Oftc / #tor / 2010 / June / 30 / 1
pde
It would be great if some people in the Tor community can switch to the development branch of HTTPS Everywhere:
https://www.eff.org/files/https-everywhere-devel.xpi
We're testing new features and rulesets there before pushing them to 200,000+ people's browsers by auto-update
arma
(Action) installs pde's malware
(unsigned malware, i might add)
pde
we might start using that signature thing when we're "out of beta"
in the mean time you'll just have to trust that flimsy EFF ssl certificate
murb
pde: oh is it possiible to just download teh rules if for instance like me you're curious?
pde
yeah, the xpi file is actually a .zip
the rules are in chrome/content/rules
we don't have a public source repository (yet)
we have a backlog of dozens of rulefiles to evaluate and add
plus we need to improve the UI for displaying them all
murb
ah like jars..
will have a poke, thanks.
arma
pde: my main fuss at this point is that google.com is my homepage, and now i have to go to some other site when i'm in a hotel/airport/etc to get them to mitm me
murb
arma: oh i have a seperate browser profile for that.
as such mitm seem to upset noscripts etc.
also i hate it when they nuke all your tabs..
nottup
If I want to contribute where do I find a list of technical todo items for the tor project?
         

arma
nottup: torproject.org/volunteer is a good start
you might also like https://www.torproject.org/documentation#UpToSpeed
nottup
Thank you.
arma
the latter is easier to understand and might actually be better at explaining what isn't done yet
https://www.torproject.org/projects/ is not finished, but could also be useful
ioerror
nottup: nice name :)
phobos
we have a wiki with an entire section of tasks
for those interested in helping out
https://trac.torproject.org/projects/tor/wiki/projects
once ppl read through the volunteer link and documentation link
nottup
ioerror: Thanks. Being not tup is still a fairly large anonymity set, right?
The UpToSpeed list seems old. I will check into the links.
ioerror
nottup: i guess that i know who youare
nottup, you're not fooling anyone ;-)
nottup: join #tor-dev?
pde
murb: I gave a short-notice talk at Mozilla the other day, without preprepared slides. Half way through I tried to get online, and between HTTPS Everywhere and NoScript, getting MITMed in a hurry turned out to be basically impossible
there needs to be a protocol for interactive network authentication
murb
pde: i wish my hotspot provide i had an aaccount with supported WPA-enterprise auth or something..
it is already a standard, and is already widely supported...
and it has been showd to work for some things like eduroam.
arma
whoops, no more nsa in here remarking on tor commits
Sebastian_
#tor-bugs
erm
bots
#tor-bots
arma
should we try to split nsa so some of the messages still come to here?
Sebastian_
I would think that's a good idea. But some people feel nsa is too verbose, and others feel that it is just displaying lots of useful info, etc.
nickm
bikeshed.
Goldstein
I have long ago ignored nsa
mikeperry
its for developers. I say the bikeshed should be in #tor-dev
nickm
I think we started it out here before #tor-dev split off, and left it here under the theory that non-developers should be encouraged to take an interest in development. Also the bikeshed stared out red but we painted it blue because we were planning to make it look like the TARDIS.
mikeperry
heh
nickm
big merge. I'm glad it's over. :)
carnivore
how about HTTPS_Everywhere for Chrome?
         

phobos
feel free to code it up
do torbutton while you're at it
carnivore
hehe I was just about to ask for torbutton too
what language are chrome extensions written in?
arma
https://groups.google.com/group/chromium-extensions/browse_thread/thread/ceba26ca9e2f6a78/e83920020719a6b2?hide_quotes=no
Goldstein
carnivore: write torora
phobos
extensions for both firefox and chrome are javascript
Goldstein
IMO, there's no replacing a browser written specifically with ananymity in mind
carnivore
Goldstein: what browser would that be?
phobos
other than sticking out like a fox at a hunt club with your user agent of "Super Anonymity Browser 1.0"
Goldstein
phobos: unless you could do something amazing like changing the user agent
phobos
that's unpossible
;)
sorry, been a long day
(Action) departs the conversation
Goldstein
carnivore: torora was an attempt at writing a browser specifically with tor in mind
but it's not actively developed atm
timezoner
Hello, anyone here?
I need some tehc help
*tech
arma
if you ask the question, it's more likely to get answered (no guarantees, but the odds go up :)
timezoner
:)
I'm trying to set the timezone variable in my Win XP machine
I'm in the menu "Environment variables" and I don't know what to do, there's no variable about timezones
Goldstein
control panel?
arma
what's your end goal?
Goldstein
spoofing his TZ
in his browser
IIRC
timezoner
correct
the torbutton folks are working with firefox to eliminate this lingering anonimity flaw
this is a temp fix
but I don't know how to do it!
arma
ah. i'm not sure if env vars even exist on windows.
Goldstein
they do in the system control panel
timezoner
the torbutton FAQ says you can do it in WIN XP
arma
ok. in that case, you'll probably want to just make a new one
environment variables are things that programs can check to see if you wanted them to behave differently
there's no way your windows will have a list of all the names that programs might check
timezoner
^ understood
Goldstein
timezoner: how do you feel about screensize?
javascript can report that too
it could uniquely identify you
arma
screensize doesn't seem as bad as timezone though
timezoner
true, but I'm in a pretty unique timezone, it's much more... narrowing
arma
they both can be used to recognize you, but one inherently gives away more than the other
mikeperry
timezoner,arma,Goldstein: torbutton sets the timezone itself, and FF3.5+ has the firefox patch to pick it up automatically
no need to set it, unless you are thinking about other apps
arma
mikeperry: what is "FF3.5+" exactly?
mikeperry
Firefox 3.5.0 and beyond
Goldstein
mikeperry: I was surprised it wasnt dealt with in some way
timezoner
mike, I've done some tests with a site that informs you your timezone and it seemed to me that torbutton wasn't masking my time zone
mikeperry
Goldstein: we used to handle it by hooking the window.Date object, but that stopped being possible in firefox 3.0
so we moved to setting the TZ environment variable
timezoner: are you using Firefox 3.0?
timezoner
mikeperry
Goldstein: the problem is that windows requires you to manually call _tzset() after updating TZ. I submitted a patch to mozilla to have firefox do this, but they only landed it in 3.5 and above
Goldstein
mikeperry: to be honest, I'm not incredibly worried about either in practise. why should i be?
mikeperry
timezoner: it tells me Your server-calculated timezone is "-4".
whatever that means. sounds like it has no clue
timezoner
oh!!! it told me that exact same thing! You're not argentine, right? he he
mikeperry
hah
so your timezone just happens to be GMT-4? :)
timezoner
that son of a bi**hing site
lol
arma
i'm in gmt-4 too. millions of people are.
mikeperry
I am in PDT
GMT-7
arma
i'm in edt, gmt-4
mikeperry
I think -4 just happens to be their error code
arma
ha
timezoner
I'm in GMT-3, but when I looked at the site without using TOR it told me the same hing and I wrongly thought that was my real timezone
Goldstein
timezoner: why not just set your TZ to EDT?
in windows
dr|z3d
Oh, and there was I thinking -4 related to the likelihood (on a scale of 1 to 10) of Argentina retrieving Las Malvinas. ;)
Goldstein
tell windows you're in NY
lots of company
timezoner
^ but apparnetly mike is saying that the flaw has been correcte das of 3.5, and that webpage seems to prove it
[that was response to goldsteing]
Thanks, gents. Mike, so is the timezone issue already resolved as of 3.5? The FAQ needs to be updated?
mikeperry
yeah. was it our faq that said you needed to set it?
if so, which faq?
timezoner
yeah, let me check...
mikeperry
ah, the one on torproject.org
timezoner
yes... http://www.torproject.org/torbutton/faq.html.en
mikeperry
is Firefox 3.0 officially end of life?
timezoner
Was that question for me? I don't know what you mean.
I've been using TOR since, I dunno, 2006. Nice to chat to some of the folks involved with this uber-awesome program. I'm very thankful, keep up the good work. And bye! :))
Goldstein
xoxo
arma
"...Reached its end of life on March 30, 2010 with the release of Firefox 3.0.19. "
dr|z3d
mikeperry: I believe it is, if not already, then its demise is imminent.
mikeperry
ok. we will then pretend that it doesn't exist
makes this faq entry a lot simpler
dr|z3d
I've heard vague rumors we've got a 4 beta out already.
mikeperry
too bad debian users, you lsoe
but then, you're used to losing
dr|z3d
(Action) laughs.
arma
i am relying on a wikipedia article, which uses https://wiki.mozilla.org/WeeklyUpdates/2010-03-01#Video_for_today.27s_meeting as its justification
dr|z3d
arma: No reason to disbelieve you. ;)
arma
perhaps i am using firefox 3 and that's why i can't read it, but i see nothing on that page about firefox 3's end of life
looks like wikipedia is back to begging the question
mikeperry
too late, website update committed :)
in this case, debian users actually don't lose, because the _tzset() fix wasn't required for them
Blackpaw
Time zones are huge, is it really that big of an anonymity problem?
arma
depends which one you're in
Goldstein
bermuda's might be problematic
bja
Goldstein: naa if my geography lessons serve me right it shares the timezone with central america
Wellington would be a tricky one
Goldstein
hawaii?
arma
or the one west of hawaii
Goldstein
midway?
Blackpaw
Shares it with french polynesia...
Goldstein
(Action) gives a shoutout to all his french polynesian tor using hommies
Blackpaw
wow, the list of default exit ports in the trac wiki is from tor 0.1.0.8
Has it changed?
arma
maybe a bit
Blackpaw
Would it be something I could find by digging through the source?
arma
yes. check out policies.c
#define DEFAULT_EXIT_POLICY \
Blackpaw
Ok Cool
winder
How 1291 bug could be explain?
arma
explain?
winder
invalid relays are in routerlist returned by router_get_routerlist(), if it accessible then dirserv_set_router_is_running() flaged it as Running.
router_is_active() can't affect Running flag.
arma
hm. i see some relays in the consensus that have a Running flag but no Valid flag
we need to do a more controlled experiment. whenever we remove valid from people, they tend to disappear soon after, so we might be confusing two issues.
winder
it can be human factor only, if owner monitors self relay flags.
arma
the last time i noticed it was when a botnet operator signed up about 100 relays
i marked them all invalid, and then they lost their running flag soon after
carnivore
arma any more info on who it was that opened the relays the other day?
arma
yes, actually
http://planetflow.planet-lab.org/search.php?nodeip=128.112.139.25&dstip=&srcport=8281&dstport=&protocol=&starttime=2010/6/28&endtime=2010/6/28&aggreg=agxid&submit=Query
it was xinwen fu's lab. i should mail him i guess.
dr|z3d
Anthrax, probably. ;)
arma
i'm not really sure what i would say, though, so i haven't mailed him
we don't have the strongest of relationships as it is
dr|z3d
You might just ask wtf he's doing for a start.. what with the irc exit policy and the huge temporary exit boost.. perhaps event point him in the direction of puppetor..
*even
:)
There might be some valid research he's conducting that the project could benefit from.. another angle to take..
Aside from the alarm at seeing the exit numbers increase, is there any negative impact to network operations, arma?
arma
not really
dr|z3d
So I guess the tack to take is curiosity more than anything else.
arma
yeah. i already sort of know. he's doing research on tor performance.
« prev 1 2 next »