IRC Archive / Oftc / #tor / 2015 / June / 29 / 1
wgreenhouse
nolsen: unfortunately no--and that might be expensive to do for a distro that issues a new boot image every 6-7 months
er 6-7 weeks
nolsen
expensive?
how is it expensive?
wgreenhouse
nolsen: my understanding is that secure boot is a CA-based system; to be compatible with any vendor's secure boot, you'd thus need to pay for a signed certificate from a root CA on Microsoft's trusted list
and in tails's case that'd be a payment made every 6-7 weeks, given its frequent releases
whitelisting of non-CA-signed boot signatures is possible, but is vendor-dependent and probably more of a headache for end users than just disabling secure boot or enabling bios compatibility mode
nolsen
though disable secure boot = Windows 8.1 annoys you with watermark saying "Secure boot isn't configured properly"
wgreenhouse
right
I would say "patches welcome", but patches to the secure boot PKI aren't really
it's either pay up or turn off
I guess we could start up a fund for tails to get signed
fedora paid up, and there are also projects like "shim" where the thing signed is a tiny loader that chain-loads the actual bootloader
nolsen
also lubuntu has a valid cert.
wgreenhouse
but shim is basically a way to have secure boot still on while not actually checking the boot process at all
nolsen: ubuntu uses shim, IIRC
so their actual kernel or bootloader isn't signed, just a tiny thing loaded in advance of those
nolsen
It'd be funny if microsoft denies a Linux distro
wgreenhouse
nah, the CAs as usual just wanna get paid
nolsen
ofc they do.
They need to wipe their ass with money, they have to get the money to do that you know.
wgreenhouse
so anyway, major philosophical and practical differences between distros on this
for small ones or ones that release frequently it gets expensive
and I think shim is only for grub, so not clear to me that it'd work for a livesystem like tails
nolsen
it works for livecds
if lubuntu uses shim
wgreenhouse
interesting; I thought maybe you had to disable it for the installer
anyway shim is a way of silencing secure boot without actually securing anything :)
it means that the actual payload doesn't get verified so no actual prevention of boot-level malware happens
nolsen
Then tails needs shim! :3
ky
C0nstant1ne tonight was drunk and has chatted until unconscious
srg
hm
TorBrowser says my path is: Browser->France->Germany->US->Internet
Yet when I go to google, I get it in Swedish.
SHADOWIMPACT
it might be using a different circuit
srg
hmm
randomuser123
how do i torify an application without dns leaks?
mrphs
randomuser123: use tails.
randomuser123
how do i do it without tails?
velope
use the torsocks wrapper/library
(not on Windows)
randomuser123
i am using linux
can proxychains do the job?
velope
possibly, but easy to get wrong. torsocks is what's recommended.
also, although torsocks can torify, that doesn't make an app safe to use with tor. nothing can.
randomuser123
what do you mean?
system info leakage and fingerprinting or something IP related?
velope
the first
IP and DNS leakage is only the beginning of potential issues
mrphs
hence tails.
velope
tails, and not adding just any app of your choice to tails
randomuser123
can i use torsocks with different circuits for different programs?
g2x3k
I am wondering, is this contact field not valid to receive mail about t-shirt? [contact: Random <admin AT layer13 dot net> - BTC: 195ZXnAp5Vdy1aXvBtg7F551JuvUXYxXoy]
http://i.imgur.com/buaDs7u.png
Cyrax-
hi all. In the torrc file there is something called "ExitNodes {us}".. what does that mean and do?
caravel
Cyrax-: ExitNodes node,node => A list of identity fingerprints, nicknames, country codes and address patterns of nodes to use as exit node---that is, a node that delivers traffic for you outside the Tor network.
Cyrax-: (see "man torrc")
Cyrax-: see also https://www.torproject.org/docs/faq.html#ChooseEntryExit
velope
learn about the ExitNodes option, but don't use it
Cyrax-
caravel: So it's like it "allows" you to use tor in that country?
caravel
Cyrax-: No :) It's basically letting you *force* the selection of exit nodes, eg. in a particular country
Cyrax-: but read well the warning, "we recommend NOT using these options"
Cyrax-
i see.. Thanks
caravel
Cyrax-: it could be somehow useful if you wanted to defeat eg. a website that would attempt to geolocate you before displaying whatever content customization
(so, you could "exit" from one area in particular)
but it's a bad idea as a permanent setting, for obvious reasons - it would greatly narrow your circuit options, fingerprint etc.
Cyrax-: ^^
Cyrax-
i think i know what u mean. I think u mean it's like, if u want to avoid the site from for example Hong Kong to geolocate me, I just change the US to HK+
*?
velope
no
tor already prevents you from being geolocated, unless you tell the site in some way
Cyrax-
I think i get what Exitnodes mean eentually.. thanks though for the info
*eventually
velope
just avoid using options like that. don't try to customize or shop for nodes, it's a risk to your anonymity
Cyrax-
I don't touch anything unless I get help or do a backup before I try
tms
hello tor community
caravel
hello tms :)
Cyrax-: this kind of setting won't risk your setup, you can experiment with it
it's only some behavior modification :)
velope
oddly put
caravel
(which is entirely reversible, I meant ;-)
yeah, seen Bourne not too long ago :D