Macports tor broken?

2011-02-11 Thread Jerzy Łogiewa
Updated my ports and see this:

dyld: Library not loaded: /opt/local/lib/libevent-1.4.2.dylib
  Referenced from: /opt/local/bin/./tor
  Reason: image not found
Trace/BPT trap

--
Jerzy Łogiewa -- jerz...@interia.eu




***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/


Re: Is gatereloaded a Bad Exit?

2011-02-11 Thread John Case


Hello Gregory,

On Fri, 11 Feb 2011, Gregory Maxwell wrote:


> As far as I can tell this is a completely spurious strawman argument.
>
> Where is this person with a legitimate reason why they can allow :80
> and not :443? What is their reason?



I am trying to suggest two things here:

1) We cannot know the answer to this (what is their reason, what is their 
scenario, what is their threat model)


2) There are uses of ToR, and roles that ToR plays, that are very, very 
different than the official, accepted use model.


So let me back up one step here and state some things that I am sorry are 
not obvious:


- you have no idea what kind of things run over ports like 21, 23, 80, and 
110.  I know what _I_ use them for, and you know what _you_ use them for, 
and we know what's in /etc/services, but you are forgetting that anything 
can run over a TCP port.


- you have no idea what particular network activity, or services provided, 
is considered suspicious in a particular setting.  _I_ can run services on 
arbitrary ports and so can you, and so can most anybody, but you are 
forgetting that there are threat models wherein this is not the case.


- you have no idea what type of overall architecture someone has fit their 
ToR use into.  _I_ use ToR in the typical, accepted fashion, and so does 
most everyone else, but perhaps ToR is used as simply one component, and 
maybe not even the most important component, of a larger network 
architecture.


- you have no idea what the overall goal of sending and receiving traffic 
on the ToR network is for a person or group.  _I_ use it like you do, to 
perform normal Internet functions anonymously - but others may have very 
different needs, ranging from simple traffic generation to plausible 
deniability.


What frustrates me so much about this whole conversation is that the above 
items (and we could all come up with many more) are true in general, but 
are never more true than they are related to ToR.  Further, since we're 
all technical people here, it should be second nature to us that the POWER 
of an open system is the arbitrary combinations that arise from a simple, 
unrestrictive ruleset.  There are a small number of easily identifiable 
cons to letting an exit run like this, and there are an unlimited number 
of unknown pros to letting an exit run like this.  You should know this.




> If anyone was showing up expressing this as a serious constraint with
> a legitimate cause, then it might be reasonable to reconsider.
> Certainly if there were many of them.



I am suggesting fringe, and possibly temporary use cases that imply actors 
that probably aren't going to pop in to talk shop.  I'll say it again:


There are a small number of easily identifiable cons to letting an exit 
run like this, and there are an unlimited number of unknown pros to 
letting an exit run like this.  You should know this.




> Tor already has a great many tweaks and heuristics. Why are you not
> complaining about the exit load-balancing heuristic that denies the
> exit flag to nodes which don't exit to at least a /8 of several
> important ports?  It impacts a great many more nodes.  Or why not
> complain about the countermeasures against one hop usage that make
> nodes seizure targets and takes an unfair share of the bandwidth?



Forgive me, but this is a near-perfect example of a straw man logical 
fallacy.  My not protesting these other items (which I may or may not 
support) does not suggest that my above argument is faulty.




> Will this contingent next be advocating not blacklisting exits known
> to insert malware or advertisements in the traffic because without
> this activity the exit operator can not afford to keep their exit
> going?
>
> If running an exit is somehow so imposing on someone that they feel
> the need to impose bizarre (even inexplicable) restrictions on its
> behaviour then they really should be helping the tor network in some
> other way — by running a bridge or a regular middle node. Or finding
> something else to do with their scarce resources.  Tor needs people's
> help, sure, but it doesn't demand their blood. Why not let the rich
> white people in the north that you seem to have so much disdain for
> take a larger part of the exit burden?



Again, you are limiting your view to free people who are donating 
resources for the world.  Yes, that is how I am involved in ToR, and how 
you are involved in ToR, but you completely discount the people running 
ToR nodes on the other side of the sword, so to speak.  They're not in it 
for you and me, and they're not in it for the EFF - they have an immediate 
communications need that has both purpose and constraints that you and I 
cannot imagine.





> I personally run a node with an oddball exit policy (well, it's down
> at the moment due to a hardware failure). I wouldn't have any issue
> explaining the exit policy to someone who asked. (basically I have a
> node that exists to a collection of hand selected 'read only'
> websites, plus tcp dns to some dns 

Re: Macports tor broken?

2011-02-11 Thread Nicolas Pouillard
On Fri, 11 Feb 2011 11:25:51 +0100, Jerzy Łogiewa jerz...@interia.eu wrote:
> Updated my ports and see this:

Maybe you can give a try to the Homebrew [1] package manager.

[1]: http://mxcl.github.com/homebrew/

-- 
Nicolas Pouillard


Yet another UDP / DNS question...

2011-02-11 Thread Tomasz Moskal

I feel that I should explain something before I start asking any
questions so here we go: I'm a fresh convert to Linux (barely a few weeks
on Ubuntu!) and as much as I'm fascinated by the matters relating to
networking, security and anonymity, in equal measure I'm intimidated by
them. I don't possess any deep knowledge of those topics, I still barely
can handle the basics. But with the wealth of knowledge out there and a
healthy dose of experimentation I intend to change this. So if my
questions are naive (or plainly stupid) please bear in mind that I'm new
here. And now for what is bothering me...

I was reading Transparently Routing Traffic Through Tor
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy 
and although I don't need to run Tor as transparent proxy I like the idea of 
routing the UDP/DNS requests to localhost. If I will reroute all those requests 
with iptables to the port on which Tor is listening I should have no problems 
with DNS leaking, right? That should do the trick then:

1. torrc 

DNSPort 53
DNSListenAddress 127.0.0.1

2. resolv.conf

nameserver 127.0.0.1

3. iptables 

iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT

I'm not an expert regarding iptables and 'man iptables' is *very*
frightening for someone who barely slides on the surface of all this.
From step three above I sort of understand the purpose of rules three and
four but the rest of them... Are they needed in this example or can they be
safely omitted? If in fact they are required for this set-up to work
what is their purpose? I will of course replace $INT_IF and $TOR_UID
with required values.


-- 
Tomasz Moskal ramshackle.industr...@gmail.com
Encrypted mail preferred. Key ID: 2C323C82
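
Added example, not part of the original post: a simplified first-match model in Python of the nat OUTPUT and filter OUTPUT rules from step 3, run over constructed packets to show what each rule does to them. In this model the redirected DNS query is itself a NEW packet from a non-Tor uid, so the posted filter rules reject it. The uids, the addresses and the extra loopback ACCEPT rule are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

TOR_UID = 110    # assumed uid of the Tor daemon, stands in for $TOR_UID
USER_UID = 1000  # assumed uid of an ordinary desktop user

@dataclass(frozen=True)
class Packet:    # one locally generated packet (all sample values are constructed)
    uid: int
    proto: str
    dst: str
    dport: int
    state: str = "NEW"   # conntrack state; the first packet of a flow is NEW

    @property
    def out_if(self):    # loopback destinations leave via lo
        return "lo" if self.dst.startswith("127.") else "eth0"

# The posted rules, in order, as (rule text, match predicate, target).
NAT_OUTPUT = [
    ("-o lo -j RETURN", lambda p: p.out_if == "lo", "RETURN"),
    ("-m owner --uid-owner $TOR_UID -j RETURN", lambda p: p.uid == TOR_UID, "RETURN"),
    ("-p udp --dport 53 -j REDIRECT --to-ports 53",
     lambda p: p.proto == "udp" and p.dport == 53, "REDIRECT"),
]
FILTER_OUTPUT = [
    ("-m state --state ESTABLISHED,RELATED -j ACCEPT",
     lambda p: p.state in ("ESTABLISHED", "RELATED"), "ACCEPT"),
    ("-m owner --uid-owner $TOR_UID -j ACCEPT", lambda p: p.uid == TOR_UID, "ACCEPT"),
    ("-j REJECT", lambda p: True, "REJECT"),
]
# Hypothetical extra rule, not in the post: accept traffic to loopback.
LOOPBACK_ACCEPT = ("-d 127.0.0.0/8 -j ACCEPT", lambda p: p.dst.startswith("127."), "ACCEPT")
FILTER_WITH_LOOPBACK = FILTER_OUTPUT[:2] + [LOOPBACK_ACCEPT] + FILTER_OUTPUT[2:]

def first_match(chain, pkt, policy):
    """Return the target of the first matching rule, else the chain policy."""
    return next((target for _, match, target in chain if match(pkt)), policy)

def traverse(pkt, filter_chain=FILTER_OUTPUT):
    """nat OUTPUT runs before filter OUTPUT; returns (dst, dport, verdict)."""
    if pkt.state == "NEW" and first_match(NAT_OUTPUT, pkt, "RETURN") == "REDIRECT":
        pkt = replace(pkt, dst="127.0.0.1", dport=53)  # local REDIRECT goes to loopback
    return pkt.dst, pkt.dport, first_match(filter_chain, pkt, "ACCEPT")

SAMPLES = {
    "app DNS to outside resolver": Packet(USER_UID, "udp", "192.0.2.53", 53),
    "app DNS via resolv.conf": Packet(USER_UID, "udp", "127.0.0.1", 53),
    "app HTTP, not via Tor": Packet(USER_UID, "tcp", "198.51.100.7", 80),
    "Tor to a relay": Packet(TOR_UID, "tcp", "198.51.100.9", 443),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:28} posted={traverse(pkt)} with_lo={traverse(pkt, FILTER_WITH_LOOPBACK)}")
```
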





Re: Is gatereloaded a Bad Exit?

2011-02-11 Thread Geoff Down


On Fri, 11 Feb 2011 17:44 +, John Case c...@sdf.lonestar.org
wrote:
 
> There are a small number of easily identifiable cons to letting an exit
> run like this, and there are an unlimited number of unknown pros to
> letting an exit run like this.  You should know this.

Leaving aside the original question of whether to BadExit GateReloaded,
I'm afraid this argument is without merit.
A rational decision can only be made on the basis of that for which you
have evidence. There will always be an infinite number of things for
which you have no evidence, but which you can imagine. Your argument
appears to be equivalent to Pascal's argument for worshipping God -
which has always been open to the rejoinder "which god, worshipped
how?".
Until you can quantify the pros, it is only rational to behave on the
basis of the quantifiable cons.
GD



Problem with downloading attachments in torbrowser for osx

2011-02-11 Thread M
Hey guys,

I thought i would bring this to the attention of those concerned in case
they already did not know. I am still unable to download any attachments,
whether yahoo or gmail, when running tor. The message which appears is

 [JavaScript Application]

Torbutton blocked direct Tor load of plugin content.

Use Save-As instead.


This is a real pain and i was hoping it would be fixed with the update, but
alas


Also, the same message appears sometimes on normal pages, such as when you
fill forms, or just loading pages like:
http://groups.yahoo.com/group/X-clusive_Stuffs


Please try to fix this issue in the next update... its a real pain!!!


Re: Problem with downloading attachments in torbrowser for osx

2011-02-11 Thread Roger Dingledine
On Sat, Feb 12, 2011 at 05:08:17AM +, M wrote:
> I thought i would bring this to the attention of those concerned in case
> they already did not know. I am still unable to download any attachments,
> whether yahoo or gmail, when running tor. The message which appears is
>
>  [JavaScript Application]
>
> Torbutton blocked direct Tor load of plugin content.
>
> Use Save-As instead.

Have you tried using Save-As instead?

> This is a real pain and i was hoping it would be fixed with the update, but
> alas

I believe the trouble is that Firefox doesn't make it easy for extensions
to tell if the website is trying to get you to run an external application
vs just trying to give you a file to download.

But I'll turn the question around on you: which trac entry on
https://trac.torproject.org/projects/tor/report/14
did you report your issue on? If it's not on the bugtracker it's nowhere.

--Roger



Re: Problem with downloading attachments in torbrowser for osx

2011-02-11 Thread krishna e bera
Bugs tend to get fixed faster and/or more efficiently 
when they are entered into the bug tracking system.
I copied this email into a new one at
https://trac.torproject.org/projects/tor/ticket/2542

It would be helpful if you can add information such as your
- Operating system version
- Tor version
- Polipo or Privoxy version
- Torbutton version
- Firefox version
- Torbrowser or Vidalia bundle version.

and does it work if you use Save As instead?



On Sat, Feb 12, 2011 at 05:08:17AM +, M wrote:
> Hey guys,
>
> I thought i would bring this to the attention of those concerned in case they
> already did not know. I am still unable to download any attachments, whether
> yahoo or gmail, when running tor. The message which appears is
>
>  [JavaScript Application]
>
> Torbutton blocked direct Tor load of plugin content.
>
> Use Save-As instead.
>
>
> This is a real pain and i was hoping it would be fixed with the update, but
> alas
>
>
> Also, the same message appears sometimes on normal pages, such as when you
> fill forms, or just loading pages like:
> http://groups.yahoo.com/group/X-clusive_Stuffs
>
>
> Please try to fix this issue in the next update... its a real pain!!!


Re: Problem with downloading attachments in torbrowser for osx

2011-02-11 Thread M
On Sat, Feb 12, 2011 at 5:51 AM, Roger Dingledine a...@mit.edu wrote:

> On Sat, Feb 12, 2011 at 05:08:17AM +, M wrote:
> > I thought i would bring this to the attention of those concerned in case
> > they already did not know. I am still unable to download any attachments,
> > whether yahoo or gmail, when running tor. The message which appears is
> >
> >  [JavaScript Application]
> >
> > Torbutton blocked direct Tor load of plugin content.
> >
> > Use Save-As instead.
>
> Have you tried using Save-As instead?

'Save as' does not work with attachments...

> > This is a real pain and i was hoping it would be fixed with the update,
> > but alas
>
> I believe the trouble is that Firefox doesn't make it easy for extensions
> to tell if the website is trying to get you to run an external application
> vs just trying to give you a file to download.

I forgot to mention that when i try to download attachments with an .odt or
docx extension.. it works fine...every time. hmm However, .doc, and .rar
and other common extensions (as far as the ones i have tried) don't work.

> But I'll turn the question around on you: which trac entry on
> https://trac.torproject.org/projects/tor/report/14

Can't access # 14. link shows the same error message :(

> did you report your issue on? If it's not on the bugtracker it's nowhere.

ok.. didn't know.


Re: Problem with downloading attachments in torbrowser for osx

2011-02-11 Thread M
On Sat, Feb 12, 2011 at 5:57 AM, krishna e bera k...@cyblings.on.ca wrote:

> Bugs tend to get fixed faster and/or more efficiently
> when they are entered into the bug tracking system.
> I copied this email into a new one at
> https://trac.torproject.org/projects/tor/ticket/2542

thanks

> It would be helpful if you can add information such as your
> - Operating system version
> - Tor version
> - Polipo or Privoxy version
> - Torbutton version
> - Firefox version
> - Torbrowser or Vidalia bundle version.

ok

> and does it work if you use Save As instead?

can't save as with attachments...

And what about this (and also the link provided by Roger:
https://trac.torproject.org/projects/tor/report/14???

> > Also, the same message appears sometimes on normal pages, such as when
> > you fill forms, or just loading pages like:
> > http://groups.yahoo.com/group/X-clusive_Stuffs



Re: Is gatereloaded a Bad Exit?

2011-02-11 Thread Scott Bennett
 On Mon, 31 Jan 2011 11:30:20 -0500 Andrew Lewman and...@torproject.org
wrote:
> In my opinion, judging a relay based on exit policy is a slippery slope
> we don't want to go down.  We never claim to make using Tor alone safer
> than using the Internet at large.  Whether the creep is at Starbucks
> sniffing the wifi or running a relay is irrelevant to me.  Encouraging
> people to use encrypted communications, the https everywhere firefox
> extension, and learn to be more secure online are some of our goals.
> The Tor Browser Bundle, while still a work in progress, is the best way
> to protect novice users and get them safer than they are without Tor.
>
> I personally run encrypted services on unencrypted ports, like 25, 80,
> 143, 110, etc.  It's just a port number and only convention says port
> 80 has to be for http only.
>
> If people start doing deep packet inspection to enforce 80 is really
> http or running filters in some misguided attempt to block bad
> things through Tor, then those are reasons to 'badexit' relays.  There
> are some obvious ways we can detect traffic manipulation through Tor
> relays.  Today, we do detect them and badexit those relays.
>
> If we're going to start censoring Tor exits based on impressions, we
> might as well start blocking Tor relays that are rumoured to be run by
> national intelligence agencies, criminal organizations, martians, and
> other people we might not like.  In fact, we might as well go back to
> the original model of every Tor relay operator has met and gained
> Roger's trust.
>
> I want a diverse set of Tor relays. If people don't want to trust
> relays based on whatever heuristics they want to use, great, use
> ExcludeNodes in your torrc.  Don't punish everyone based on rumors and
> impressions.

 Hear, hear!  Thank you, Andrew, for putting it so clearly in accord
with previously posted policy statements by the tor development team,
both on the tor lists and on the tor project's web site.  I don't know
what triggered Mike's dictatorial moment, but I hope he comes to his
senses quickly (if he hasn't already; I confess I'm hundreds of messages
behind in my email at present).
 Your remark about the Roger trusts 'em model does still seem to
apply to the assignment of Authority flags.  Given the current directory
protocol(s) and distribution structure, I'm fine with that arrangement for
the time being for Authority flagging, but not for BadExit flagging for
the reasons you posted, as well as a few posted by others, including myself.


  Scott Bennett, Comm. ASMELG, CFIAG
  Internet: bennett at cs.niu.edu
  A well regulated and disciplined militia, is at all times a good
  objection to the introduction of that bane of all free governments
  -- a standing army.
  -- Gov. John Hancock, New York Journal, 28 January 1790


Re: Problem with downloading attachments in torbrowser for osx

2011-02-11 Thread M
On Sat, Feb 12, 2011 at 7:40 AM, M moeedsa...@gmail.com wrote:



> On Sat, Feb 12, 2011 at 6:48 AM, krishna e bera k...@cyblings.on.ca wrote:
>
> > On Sat, Feb 12, 2011 at 06:23:12AM +, M wrote:
> > > On Sat, Feb 12, 2011 at 5:57 AM, krishna e bera k...@cyblings.on.ca
> > > wrote:
> > > And what about this (and also the link provided by Roger:
> > > https://trac.torproject.org/projects/tor/report/14???
> >
> > That is good for checking what are the active bug reports
> > so that you do not duplicate an existing bug
> > or you might find a workaround for the issue.
> > When i searched i found two possibly related bugs
> > which i entered into the ticket i created for the case.
>
> What i meant was that when i click that link or manually paste it into the
> browser, i get the same save as error, as with the yahoogroups link i
> provided.
>
> Thus my point is that is it not only a download bug, but also happens with
> some pages...