Hello All,
Unsigned Tor Browser 13.0.13 (desktop-only) release candidate builds are
now available for testing:
-
https://tb-build-02.torproject.org/~ma1/builds/torbrowser/release/unsigned/13.0.13-build1/
The full changelog can be found here:
-
https://gitlab.torproject.org/tpo/application
Hello All,
Unsigned Tor Browser 13.0.6 (desktop-only) release candidate builds are
now available for testing:
-
https://tb-build-02.torproject.org/~ma1/builds/torbrowser/release/unsigned/13.0.6-build1/
The full changelog can be found here:
-
https://gitlab.torproject.org/tpo/applications/
Hello All,
Unsigned Tor Browser 13.0.4 release candidate builds are now available
for testing:
-
https://tb-build-02.torproject.org/~ma1/builds/torbrowser/release/unsigned/13.0.4/
The full changelog can be found here:
-
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/bl
Hello All,
Unsigned Tor Browser 12.5.3 release candidate builds are now available
for testing:
- https://tb-build-05.torproject.org/~ma1/builds/release/unsigned/12.5.3/
The full changelog can be found here:
-
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/tbb-12.5.3-
Hi intrigeri,
On 24/05/2016 16:56, intrigeri wrote:
>
> FWIW, the request headers always include:
>
> Pragma: no-cache
> Cache-Control: no-cache
Good catch!
https://labs.riseup.net/code/issues/11304#change-58146
Sorry for not having noticed it earlier :(
--
Giorgio Maone
ht
On 25/04/2016 18:18, intrigeri wrote:
>> Right. The server now sets both Cache-Control and Expires headers to
>> "last access time + 2 hours", for IDFs.
>> How can I verify, from the client side, that DAVE honors these?
>> Using some Firefox developer tool, perhaps?
>
Yep, ctrl+k, "Net" tab.
-- G
_
way to reduce the network traffic, by
giving the revalidating server another way to tell whether the IDF is
stale other than If-Not-Modified-Since, i.e. If-None-Match, but won't
reduce the validation hits: that's a job for Cache-Control and Expire.
Disclaimer: I'm not a caching guru,
fetches the IDF. This is
basically the only way to fix https://labs.riseup.net/code/issues/10685,
as noted in https://labs.riseup.net/code/issues/10685#note-5
Of course you can and should limit the actual network activity by
properly using Chache-Control and/or ETag h
fine, I guess we can ask for help to other add-on developers
> we know :)
>
> To end with, can you please give a quick look at our existing JS code,
> and tell us if anything can't possibly work in a Firefox add-on such
> as DAVE, or really, if anything r
On 30/11/2015 20:32, sajolida wrote:
> Giorgio Maone:
>> thank you for your time filing those tickets :)
>>
>> Unfortunately I can't look at them closely until Monday because I'm
>> traveling, so please forgive me if the answers to my questions below
>&g
by December 15 we would need to have:
>
> - The Debian and Ubuntu packages ready in backports and PPA. So we can
> do the beta with the final instructions for them.
> - A version of the extension uploaded to addons.mozilla.org so we can
> point to it instead of maone.net.
>
>
erify Extension 0.2.6": {
URL: "dave.xpi",
Hash:
"sha256:c750017b572ebc6417324196f216a13216e5f65de6abd8b1a5a1ce07618ccfdc"
}
);
--
Giorgio Maone
https://maone.net
___
Tails-dev mailing list
Tails-dev@boum.org
https://ma
On 19/11/2015 13:17, sajolida wrote:
>>> 2. #bittorrent-minor should also be visible when #use-button
>>>and #install-button are visible. See slides 3 and 4.
>> OK, done in latest commit.
> I don't see this. I tested with 0.2.5 and it didn't work. I also don't
> see any change while search on '
On 18/11/2015 19:54, sajolida wrote:
>
> I read this too fast. Actually, we don't want the extension to open the
> file browser of the OS right now. After clicking on the "Next" button,
> people will go through step-by-step instructions and we'll tell them
> when to use the ISO image.
So, when you
On 17/11/2015 17:11, sajolida wrote:
> Giorgio Maone:
> Now you've got the flexibility of choosing to pin the domain cert, the
> issuer's (CA's) cert or both.
> I've seen that in conf.json. Regarding the different kinds of pinning,
> how do you switch from trust
On 17/11/2015 16:10, u wrote:
> I have some questions on distribution of the extension:
>
> * Will this extension be available through the Mozilla Add On directory?
> Did you plan to upload it there?
Of course this is a key part of the plan, since it will be signed by
Mozilla and served from their
Status update as of latest commit (extension version 0.2.1) follows.
On 12/11/2015 17:38, sajolida wrote:
> 2. The extension is great because it preserves its state even if you
> close the tab. You can open it again and the result of the verification
> is still there. Still, I think we should rese
On 12/11/2015 17:38, sajolida wrote:
> We also published an alpha version of that page on the website, for
> testing purposes as well here:
>
> https://tails.boum.org/install/download/
>
> But since the time we synced with Giorgio's code we did some changes, of
> course :) They are visible in
On 31/08/2015 20:55, sajolida wrote:
> Giorgio Maone:
>
>> The main roadblock was Mozilla finalizing its add-ons migration strategy
>> to the Electrolysis (e10s) multi-process & sandboxing architecture.
>> Without an ultimate public decision, which has been deemed &q
On 28/08/2015 17:37, sajolida wrote:
> In terms of extension code, Maone told us he would be busy with other
> extension work over the summer but maybe he's back on track now. Giorgio
> what's up? Do you have any ETA for a first prototype? Anything blocking you?
The main roadblock was Mozilla final
el strategy (e.g. going full screen or topmost on the windows
stack) to ensure nothing else can tamper with user's perception.
-- G
On 08/07/2015 02:16, intrigeri wrote:
> Hi,
>
> Giorgio Maone wrote (07 Jul 2015 23:24:07 GMT) :
>> So, just to be clear, *web pages cannot inte
On 07/07/2015 18:06, intrigeri wrote:
Are you saying that any other website that's been loaded in the
current session could alter the result of this verification?
That sounds very bad...
>>> That is what I would assume until some experts in this field tell me
>>> that browsers are sa
;s in a blueprint too:
>
> https://tails.boum.org/blueprint/bootstrapping/extension/prototype
Thanks for the pointer.
--
Giorgio Maone
https://maone.net
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsub
Look at the subject :)
--
Giorgio Maone
https://maone.net
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
tails-dev-unsubscr...@boum.org.
t;Regular" Firefox users would usually receive the most recent version of
the extension silently and timely through AMO.
--
Giorgio Maone
https://maone.net
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
tails-dev-unsubscr...@boum.org.
On 09/05/2015 14:24, intrigeri wrote:
> Giorgio Maone wrote (08 May 2015 21:29:44 GMT) :
>> May I just ask, though, why YAML and not, for instance, JSON?
> We already have quite some code to generate, update and validate YAML
> documents with a very similar purpose and content. S
On 07/05/2015 18:12, sajolida wrote:
> Hi Giorgio,
>
> A few days ago we finished a wireframe of the extension that we believe
> is a good start for you to work on. It might still change slightly as we
> continue discussing small details of it.
>
> See
> https://labs.riseup.net/code/attachments/dow
f could be downloaded and installed in a relatively
seamless and safe manner by virtue of Mozilla's already in place
infrastructure.
Using a standalone executable, instead, would actually leave us with the
egg and chicken problem: who does verify the verifier?
--
Giorgio Maone
https://maone.ne
fore, so there must be some reason it doesn't.
>
> My PGP key for this email address is at:
>
> https://defuse.ca/downloads/th.asc
>
> The fingerprint is on my twitter:
>
> https://twitter.com/DefuseSec/status/575767865552306176
>
> -Taylor
>
>
>
> __
>
> So now, I'm more into the native interface. But I need to check with my
> other fellow UX people.
I'm fine with whatever the UX crew deems best.
I was just trying to lay the available options down on the table,
especially in case anybody is not very familiar with Firefox extension
ssible of the (little) user interaction needed for the
download+verification process into the add-on, rather than keeping it on
the web page.
Last but not least, the "native" look and feel which the extension could
provide might increase the perceived trustworthiness of the dow
gt; Tails-dev mailing list
> Tails-dev@boum.org
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
tails-dev-unsubscr...@boum.org.
- --
Giorgio Maone
https://maone.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iQEcB
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/07/2014 23:35, sajol...@pimienta.org wrote:
> Still, I'd suggest not losing focus with that discussion now, and moving on
> to the initial
implementation to verify SHA-256 and reconsider all that later on :)
I agree and I'm almost done with th
iffin
>
> On July 8, 2014 6:19:07 PM EDT, sajol...@pimienta.org
> <mailto:sajol...@pimienta.org> wrote:
>
> Giorgio Maone wrote:
>
> Hi everybody. The blueprint should be enough for me to
> start hacking a prototype together. If nobody has
up would generally
mitigate the risk of a MITM while grabbing the hash.
However I agree, this is for a future version and shouldn't prevent us
from shipping basic download+verification.
-- G
>
> best,
> Griffin
>
> On July 8, 2014 6:19:07 PM EDT, sajol...@pimienta.org wrote:
&g
On 06/07/2014 17:01, sajolida wrote:
> Ah, and tell us in case you subscribed to the mailing
> list, and we will stop putting you in copy.
Just done.
Also, I found Griffin's message in this thread from the public archive:
I can confirm that an option to select an arbitrary file from the
filesystem
version might embed tails developer's key and
perform OpenPGP authentication itself.
- -- G
On 06/07/2014 17:01, sajolida wrote:
> Together with Giorgio Maone from NoScript and tchou we designed a crazy
> new plan to solve a great deal of ISO verification for the masses.
>
> H
37 matches
Mail list logo