Re: [tor-talk] torsocks is broken and unmaintained
Hi, Matthew Finkel wrote (03 Nov 2012 03:10:53 GMT) : On 11/02/2012 07:36 PM, Jacob Appelbaum wrote: If Robert wants someone to maintain it, I'd be happy to do so. I saw this thread earlier but didn't have a chance to reply. I was thinking about volunteering to patch it up and maintain it if no one else wanted to take it on, also, but if you want to take the lead on it then I'm more than happy to help you where ever possible...assuming this is the direction that's decided upon. With my maintainer of torsocks in Debian hat on, I must say I am very pleased to see two people volunteering to maintain it upstream. Thank you, Jacob and Matthew! I'd love someone to take care of the bunch of bugs that have been waiting for a while in torsocks bug tracker, and I'd love to decrease the amount of patches I'm carrying in the Debian package! I guess next step is to talk to Robert, and perhaps put a 1.2.1 bugfix release out, that would include some long-standing proposed fixes, and prove the world that upstream is alive and kicking again. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] [rt.torproject.org #5761] Connecting a browser which is not SOCKS compatible.
On Fri, 2 Nov 2012 22:10:36 -0600 Mason Mack msn...@gmail.com wrote: Some of the mistakes I made are from following canned solutions, which is reckless, but I'd rather make all of the mistakes I can before I actually come to need such important security measures as Tor. All in all, this setup will allow me to do what I need and the rest will be on a combination of my habits and plausible deniability (the Wii doesn't keep a browser history) ;) ...also, when I brag to other people that I'm the first person to do this, I might need to borrow those technical warnings. Hope you people don't mind. Heh, if this is just a learning exercise then forget I wagged my finger at you and enjoy your experiment :-) Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] torsocks is broken and unmaintained
intrigeri: Hi, Matthew Finkel wrote (03 Nov 2012 03:10:53 GMT) : On 11/02/2012 07:36 PM, Jacob Appelbaum wrote: If Robert wants someone to maintain it, I'd be happy to do so. I saw this thread earlier but didn't have a chance to reply. I was thinking about volunteering to patch it up and maintain it if no one else wanted to take it on, also, but if you want to take the lead on it then I'm more than happy to help you where ever possible...assuming this is the direction that's decided upon. With my maintainer of torsocks in Debian hat on, I must say I am very pleased to see two people volunteering to maintain it upstream. Thank you, Jacob and Matthew! Sure thing. Don't expect miracles! I'd love someone to take care of the bunch of bugs that have been waiting for a while in torsocks bug tracker, and I'd love to decrease the amount of patches I'm carrying in the Debian package! Can you give me a list of things that matter most to you in order of your priority? The bug list is mighty long... I guess next step is to talk to Robert, and perhaps put a 1.2.1 bugfix release out, that would include some long-standing proposed fixes, and prove the world that upstream is alive and kicking again. Robert said it was fine in private email for Tor to take over the project. All the best, Jake ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] torsocks is broken and unmaintained
On Sat, Nov 3, 2012 at 1:17 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Can you give me a list of things that matter most to you in order of your priority? The bug list is mighty long... inb4 incoming stream of Debian-centric patches: please be wary of glibc differences: https://bugs.gentoo.org/show_bug.cgi?id=395953 Wrt. this specific bug, perhaps you will want to use Anthony Basile's solution instead of the patch in Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636943 -- Maxim Kammerer Liberté Linux: http://dee.su/liberte ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] torsocks is broken and unmaintained
Matthew Finkel: On 11/02/2012 07:36 PM, Jacob Appelbaum wrote: Nick Mathewson: On Fri, Nov 2, 2012 at 1:34 PM, adrelanos adrela...@riseup.net wrote: Could you blog it please? I'd like to see more discussion from more people here first, and see whether somebody steps up to say, Yeah, I can maintain that here, or whether somebody else who knows more than me about the issues has something to say. Otherwise I don't know whether to write a looking for maintainer post, a who wants to fork post, a don't use Torsocks, use XYZZY post, or what. If Robert wants someone to maintain it, I'd be happy to do so. I had wanted to extend it to do some various things anyway. I think it would be a suitable base for a bunch of things I'd like to do in the next year. All the best, Jake I saw this thread earlier but didn't have a chance to reply. I was thinking about volunteering to patch it up and maintain it if no one else wanted to take it on, also, but if you want to take the lead on it then I'm more than happy to help you where ever possible...assuming this is the direction that's decided upon. Matt This is a great development. I am sure torsocks has enough issues for two developers. The next logical could be to get control over the old google code hosting, close the google code tracker, announce a news and redirect users and to import everything to torproject.org trac. Once I can post to the issue tracker I will help with testing, reporting bugs, patch the usewithtor/uwt script to your liking (if like me to and don't want to put this into the core). No miracles either. Cheers, adrelanos ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] IsolateSOCKSUser vs IsolateSOCKSAuth bug in documentation or design?
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/171-separate-streams.txt says: IsolateSOCKSUser https://www.torproject.org/docs/tor-manual-dev.html.en says: IsolateSOCKSAuth Which one is correct? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] ads slow Tor Browser dramatically
On 11/2/2012 10:29 PM, k e bera wrote: I'm not sure why there would be leaks with ABP. Afaik it doesnt send information. However it does update its blocklists which might be language-specific, which splits the anonymity set (if i understand the concept). Regarding use of ABP itself among non-Tor users, i have personally installed it on hundreds of computers every year while servicing them and updating Firefox. So i am sure the user base is at least as large as the TBB user base. Perhaps there is a concern about ability to fix vulnerabilities in the code - who will do that and maintain it. Do they accept patches? It seems to use Mozilla Public License. ABP itself has changed default policy to accept some simple text ads, on the grounds of keeping small well behaved websites alive. Should we be worried about ad-revenue corruption and creep? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk I wasn't suggesting that TBB absolutely try to use AdBlock Plus or any specific Fx extension. I'm suggesting the concept of somehow limiting ads that by their size, design content, dramatically increase page loading time. Who would maintain this new function? I guess the same people (or additional ones) that maintain Tor Project try to attract new users. I've done many side by side tests, w/ w/o AdBlock. Often, pages time out before loading, w/ all ads enabled load fairly fast w/ ads blocked. Again, I don't care about AdBlock, per se. Tor Project could develop their own extension or functionality. One of the most repeated concepts is, the more users on Tor network, the more anonymous users are. By TBB's very design lack of any control over ads, it keeps droves of potential users away, reducing overall anonymity. Yes, it's expected Tor network will be slower than regular internet. No, pages shouldn't fail to load because of far too many or over the top ads, on an already slow network. TBB devs design it, Vidalia, Torbutton, etc., so whatever they deem necessary is blocked or limited. Everyone talks about needing more Tor users to increase anonymity, but part of TBB's design all the ads / scripts, sometimes making it one of _Earth's slowest creatures,_ discourages millions / 100's of millions of potential users. Ads aren't inherently bad. I'm suggesting that too many ads on a page, or ones so large or of a design that slow page loading to a crawl greatly increase Tor network data load, limits growth of new Tor users. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Can I trust Tormail
Trust nobody with that data, including Tormail. On Nov 3, 2012 4:10 AM, HardKor hardkor.i...@gmail.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, I wonder if someone knows more about the team that is behind Tormail. I see a lot of people using this service and I would like to have an idea about how much I could trust the Tormail admins to not read / expose my communications. Thank you, HardKor 5845 16EB 0589 B89A 5E6E 98DE 74F5 F875 6D34 45F9 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQlPpSAAoJEHT1+HVtNEX5l4AQAJyc74cbvofJtjn8+PYPvXK6 hI28Kn9sLCRJIDkA37RjfQQvey2Ars//TS8k/j94SIslsq2mQNabzztr6UN7Hwe3 Pj7zD/woM2a8Nr+C7xBM8nw1FDtKzvBcoqZP2xxUd8I+CXStIpLQPpebtHulJzcb AhRbRaOGJY3Hnalg9eVnbxAMvj+zhIa9fTAv7yOpZRgbB+wwN/9P64pCFNLRDkR9 HphiN5FaFyqeE7lv+J8eXJstO8JzuyZEAfo5w3qPjNTPmJeUa8VNuwjaS0ucVPKG sLd2BPaB1QIq9Bks6R3KiV55O9cHhaQchFKWrXrC5zPqN3V1N1goTa4vUtf2KJmL myaMjwHImq2pf7c+eg8z8n14GcFRWUSGWO0uA46bo1IGEJBk7KdhxhjumEpGBYBn syootdLUKWQYNeOZxeqEmaXrDufmWy/27HkiOLZAptIFGuW5en7n9DVu2VK9/3BS s4fpquEjAnW2fheszC9MfzEVW4zNnpplYefR/l8LNwqxou88ykbQqhRu12OKTIIT awq9e4k07ecE/swcZOsY0GjfHWo/41wY8nPa/LZ6g0jrhi2vEqz92b6iu5lb8UYZ J4artN1+BHCkM1pee65AyEC/qUuN9hyg3yjpNGI2rftpapAxzaPHbxxDagWHE0Dv p2jzyhgaK832fU4YEC6g =EjHM -END PGP SIGNATURE- ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Emulating a VPN service with Tor (security vs performance)
I hope to test some clearnet 2 hop VPN service with double encryption to feel that part. I thin that also one-hop works Since Tor would not be of benefit there, I must assume there is confusion and ask people to... please get the definitions right: HOP = An action you take, a river you must leap, the distance between two nodes. ZERO hops = no motion. degenerate, no packets can move. ONE hop = no nodes between you and the destination. TWO hops = one node between... N hops = (N-1) nodes between... I also showed defined 2 and 4 hop pictures in a previous post. and that in general Tor is too restricted given it's threat model. Generally my feeling is that Tor should evolve into something more flexible within the balance of performance vs anonymity. Yes. I don't mind restrictive options, even by default for the masses that use it. So long as the same binary may also be configured to do any other useful/custom things that may come up under the Tor model... node directories, node selection, onion encryption, circuit management, isolation models, etc. Tor is still young. There will be a day when you can open a port on Tor and have traffic sent to that port travel some fixed path or a dynamic path governed by certain parameters... independant of how any other port operates :) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Can I trust Tormail
Trust nobody with that data, including Tormail. Yes. Not Tormail, not Gmail, not Katz, not GMX, not any mail. Your job is to encrypt your mail body and to use encrypted end protocols. And hopefully to choose providers that use TLS to talk to the providers of your correspondants so that the non-body parts are encrypted on the transit wire as well. Of course you can always ask ad...@tormail.org to tell you who they are and what their policy and character and threat model are. Lol. I believe current thinking is that though some of their servers reside in the US, the operators are not of original US origin. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] torsocks is broken and unmaintained
Can you give me a list of things that matter most to you in order of your priority? The bug list is mighty long... inb4 incoming stream of Debian-centric patches: please be wary of glibc differences: And wary that Linux/GNU mod Debian is not the only OS that has current users. The BSD'ers are using it too. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Confusion about Tor log messages showing relay addresses
Using Win TBB 2.2.39-5. Noticed a popup from Tor, saying a particular port was being used by an application that could leak info. Besides that SAME port #, that many pop ups repeatedly mentioned, noticed many similar warnings in the Tor log. Investigated several warning addresses in my FW / network log none were showing up for in or out activity - for any application. Thought, That's strange. I'm looking in Kaspersky's network monitor, that shows every open port for every active app. Even ones shown for Tor didn't match the warnings in Tor log file. Then opened Tor network map the message log, side by side saw the warning addresses / ports were relay addresses, showing up in the relay map. The warning addresses in the log, as they rolled by, were identical to the various relay addresses - repeatedly, not just one or 2. I looked at dozens of addresses in the log warnings they were all relay addresses. What gives? Tor thinks that (Tor) is connecting to (Tor relays) using a protocol that could leak information about my destination? I don't understand. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How to calculate all the IDs (fingerprints) from getinfo ns/all
On Sat, 03 Nov 2012 21:05:38 +, lacorov affiliate amazon wrote: ... I have try to get the fingerprint ($ with 40 caracters) of the Unamed nickname , with no success, I think there is a way to calculate it, but i don't how to do that ? There is no way to do that; otherwise all the hundreds of nodes named 'Unnamed' would have the same fingerprint. Andreas -- Totally trivial. Famous last words. From: Linus Torvalds torvalds@*.org Date: Fri, 22 Jan 2010 07:29:21 -0800 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How to calculate all the IDs (fingerprints) from getinfo ns/all
I have try to get the fingerprint ($ with 40 caracters) of the Unamed nickname , with no success, I think there is a way to calculate it, but i don't how to do that ? Does someone know how to do that ? Hi Alex. I'm not entirely sure what you're trying to ask, but if you're wondering how to decode the identity key (the fingerprint) in network status documents then you can do so like... https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/router_status_entry.py#l538 Here's a little script that queries GETINFO ns/all then prints all of the fingerprints. from stem.control import Controller with Controller.from_port(control_port = 9051) as controller: controller.authenticate() for desc in controller.get_network_statuses(): print desc.fingerprint atagar@morrigan:~/Desktop/stem$ python example.py 0045EB8B820DC410197B28B4C2F259A02E7C9D9B 0055F95BF05F836BACFC0BDEC6922B90E4086B03 006C3FA7C3F6E3ACD13D0DD9B10C7DFA933C237B 009AE464B34020C462EC9DD0E68B35881253337F 00D8BFAF9446854C5F677B229A50D716B7F63BAF 00E3CEB3BA1D2EABA06D926B47A12A989628DBE4 00EC938D4D51183D26DA5676794FFC05BA14FE80 ... ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] torsocks is broken and unmaintained
On Fri, Nov 2, 2012 at 11:10 PM, Matthew Finkel matthew.fin...@gmail.comwrote: On 11/02/2012 07:36 PM, Jacob Appelbaum wrote: Nick Mathewson: On Fri, Nov 2, 2012 at 1:34 PM, adrelanos adrela...@riseup.net wrote: Could you blog it please? I'd like to see more discussion from more people here first, and see whether somebody steps up to say, Yeah, I can maintain that here, or whether somebody else who knows more than me about the issues has something to say. Otherwise I don't know whether to write a looking for maintainer post, a who wants to fork post, a don't use Torsocks, use XYZZY post, or what. If Robert wants someone to maintain it, I'd be happy to do so. I had wanted to extend it to do some various things anyway. I think it would be a suitable base for a bunch of things I'd like to do in the next year. All the best, Jake I saw this thread earlier but didn't have a chance to reply. I was thinking about volunteering to patch it up and maintain it if no one else wanted to take it on, also, but if you want to take the lead on it then I'm more than happy to help you where ever possible...assuming this is the direction that's decided upon. Okay, sounds like we've got some enthusiasm. Let's get started. I volunteer to review commits and if people ask me to, and suggest that asking me to review stuff for a while might be a smart idea. I just gave myself commit access to the g...@git-rw.torproject.org repo too, in case that helps. I am not planning to be a primary author here. Given the amount of people asking us to apply and/or warning us that we mustn't apply particular patches, I'm going to suggest the following principles for a while: * LET'S START MINIMAL. Let's stick to doing only the very major bugfixes and obvious fixes for at least the next release or two, so that something usable comes out. * NO ARCHITECTURAL ASTRONAUTICS. I'm always tempted when I come to a codebase for the first time to refactor the heck out of it. Let's avoid doing that till we have a little experience with this codebase. There isn't all that much here: let's * LOVE MEANS GET TESTED. If at all possible, we should make this codebase easier to test (right now it wants you to install before testing), and improve the coverage of the tests so that (if as people suspect) we're likely to break things on one platform when we fix them on another, we can at least find out fast whether a patch works everywhere. -- Nick ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] torsocks is broken and unmaintained
On 11/03/2012 08:38 PM, Nick Mathewson wrote: On Fri, Nov 2, 2012 at 11:10 PM, Matthew Finkel matthew.fin...@gmail.comwrote: On 11/02/2012 07:36 PM, Jacob Appelbaum wrote: Nick Mathewson: On Fri, Nov 2, 2012 at 1:34 PM, adrelanos adrela...@riseup.net wrote: Could you blog it please? I'd like to see more discussion from more people here first, and see whether somebody steps up to say, Yeah, I can maintain that here, or whether somebody else who knows more than me about the issues has something to say. Otherwise I don't know whether to write a looking for maintainer post, a who wants to fork post, a don't use Torsocks, use XYZZY post, or what. If Robert wants someone to maintain it, I'd be happy to do so. I had wanted to extend it to do some various things anyway. I think it would be a suitable base for a bunch of things I'd like to do in the next year. All the best, Jake I saw this thread earlier but didn't have a chance to reply. I was thinking about volunteering to patch it up and maintain it if no one else wanted to take it on, also, but if you want to take the lead on it then I'm more than happy to help you where ever possible...assuming this is the direction that's decided upon. Okay, sounds like we've got some enthusiasm. Let's get started. I volunteer to review commits and if people ask me to, and suggest that asking me to review stuff for a while might be a smart idea. I just gave myself commit access to the g...@git-rw.torproject.org repo too, in case that helps. I am not planning to be a primary author here. Thanks for adding one more thing to your plate! I know Jake can handle this but the more eyes we have looking at these initial changes the better it'll be. Given the amount of people asking us to apply and/or warning us that we mustn't apply particular patches, I'm going to suggest the following principles for a while: * LET'S START MINIMAL. Let's stick to doing only the very major bugfixes and obvious fixes for at least the next release or two, so that something usable comes out. Agreed. To be honest, I haven't really looked at the code too much, so I'll start diving into that in a bit. (If there isn't one already...I haven't checked) Can we get a trac component added so we can track progress and such? * NO ARCHITECTURAL ASTRONAUTICS. I'm always tempted when I come to a codebase for the first time to refactor the heck out of it. Let's avoid doing that till we have a little experience with this codebase. There isn't all that much here: let's Yes...let's! :) Was there supposed to be more to that sentence? * LOVE MEANS GET TESTED. If at all possible, we should make this codebase easier to test (right now it wants you to install before testing), and improve the coverage of the tests so that (if as people suspect) we're likely to break things on one platform when we fix them on another, we can at least find out fast whether a patch works everywhere. Certainly sounds like a good idea. I'm going to have to familiarize myself with some of the other *nix platforms it does/should support. Just looking through the current issues on google code, for example, I don't know the internals of OSX well enough *yet* to know if [1] is even possible. But once we've compiled a list of all the current critical patches, Debian and others (assuming such a list doesn't exist already), then we start applying, testing, revising, etc. :) [1] https://code.google.com/p/torsocks/issues/detail?id=41 - Matt ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] torsocks is broken and unmaintained
On Sat, Nov 3, 2012 at 11:23 PM, Matthew Finkel matthew.fin...@gmail.comwrote: On 11/03/2012 08:38 PM, Nick Mathewson wrote: [...] Okay, sounds like we've got some enthusiasm. Let's get started. I volunteer to review commits and if people ask me to, and suggest that asking me to review stuff for a while might be a smart idea. I just gave myself commit access to the g...@git-rw.torproject.org repo too, in case that helps. I am not planning to be a primary author here. Thanks for adding one more thing to your plate! I know Jake can handle this but the more eyes we have looking at these initial changes the better it'll be. Given the amount of people asking us to apply and/or warning us that we mustn't apply particular patches, I'm going to suggest the following principles for a while: * LET'S START MINIMAL. Let's stick to doing only the very major bugfixes and obvious fixes for at least the next release or two, so that something usable comes out. Agreed. To be honest, I haven't really looked at the code too much, so I'll start diving into that in a bit. (If there isn't one already...I haven't checked) Can we get a trac component added so we can track progress and such? Done. At some point we should migrate issues from google code, but IMO that's best done once we have something nontrivial to show for our efforts. * NO ARCHITECTURAL ASTRONAUTICS. I'm always tempted when I come to a codebase for the first time to refactor the heck out of it. Let's avoid doing that till we have a little experience with this codebase. There isn't all that much here: let's Yes...let's! :) Was there supposed to be more to that sentence? Yeah; sometimes I start a sentence, then I think of something to write elsewhere and start another sentence, but then by the time I'm done with that one I don't remember the first sentence any more, so it That one should end with There isn't all that much code here; let's make sure we understand it pretty thoroughly before we complexify it in the name of some half-glimpsed vision. * LOVE MEANS GET TESTED. If at all possible, we should make this codebase easier to test (right now it wants you to install before testing), and improve the coverage of the tests so that (if as people suspect) we're likely to break things on one platform when we fix them on another, we can at least find out fast whether a patch works everywhere. Certainly sounds like a good idea. I'm going to have to familiarize myself with some of the other *nix platforms it does/should support. Just looking through the current issues on google code, for example, I don't know the internals of OSX well enough *yet* to know if [1] is even possible. But once we've compiled a list of all the current critical patches, Debian and others (assuming such a list doesn't exist already), then we start applying, testing, revising, etc. :) [1] https://code.google.com/p/torsocks/issues/detail?id=41 Hm. Supposedly, it's _supposed_ to work on OSX. It has a lot of code for OSX support. I just tried it with curl on my osx laptop, and it seemed to work okay. -- Nick ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk