---BeginMessage---
Hello,
the Polipo in
https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.2.22-alpha-0.2.10-ppc.dmg
crashes on startup as follows:
dyld: /Applications/Vidalia.app.new/Contents/MacOS/polipo Undefined
symbols:
/Applications/Vidalia.app.new/Contents/MacOS/polipo
( I saw http://archives.seul.org/or/talk/Jan-2011/msg00161.html but it
doesn't specify where the new bugtracker is).
We do not know of any new bug tracker for Polipo. If you have a bug
report for Polipo itself, report it to the polipo-users mailing list
(see
---BeginMessage---
Dear all,
I've just moved the Polipo repository back to PPS. In order to get the
upstream Polipo sources, you now need to do
git clone git://git.wifi.pps.jussieu.fr/polipo
My branch is called ``master''; Chris's old branch is called
``polipo-chrisd'', and his last tree is
For the most part, anything involving HTTPS, needs to be taken care of in
the browser itself.
My personal opinion (and I'm the author of Polipo) is that all content
munging should be done in the browser -- munging in the proxy is
a broken design. Unfortunately, the browser vendors care more
Trystero Lot lo...@callout.me writes:
it seems the censoredHeaders not working for me.
It works for me.
have anyone tried to use this and add useragent?
It's user-agent, not useragent.
censoredHeaders = user-agent
Juliusz
does anyone know if there is a config file option to turn off all
caching in Polipo?
If you look at the Polipo manual, there's an index. If you look at the
index, there's an entry for uncachable. If you follow the entry,
you'll find the config variable uncachableFile.
--jch
And here is the german press release:
http://klangbuero.net/2009/10/29/freispruch-fur-tor/
Please publish an English translation, so it gets Googlified.
Juliusz
***
To unsubscribe, send
While HADOPI mandates massive surveillance of Internet users, the total
budget voted for enforcing it is a mere 6.7 M¤ per annum, which implies
that enforcement will be entirely from the ISPs' pockets. I'm sure
they'll love it.
The ISPs' pockets? I'd guess they'll all quickly raise their
Specifically, I will be creating a how-to guide for securing standard
LAMP servers as well as a script that will help Linux users set them up.
I have a few ideas for locking down apache, php, etc. but I would
appreciate any other ideas admins of hidden services have as well as
suggestions on
I will also point out functionality Privoxy has as an option. When you
come from another site, it spoofs the referrer as the root of the site
being visited as indicated above. But as you move around within a site
it reports the referrer accurately. Some sites require this for proper
Is anyone know where find an how to use TOR against HADOPI ?
Using tor to evade the French data retention and HADOPI laws is no different
from using tor for evading the surveillance of other police states.
(Hadopi is the new law in france about P2P: if you download some music or
movie with a
Hello, everyone! Sometime in the next week or two, I am planning to
move the repository for Tor software from Subversion to Git.
This is excellent news.
- Better support for offline development.
This also means that occasional contributors will be able to use the
RCS.
A centralised RCS,
Bittorrent is indeed heavy on resource consumption and that's why it's on
the default reject list, I think, but saying it will disrupt the network,
come on, it's a bit hard to tell
Dear Marco,
The issue is somewhat controversial, and as far as I know it's not
discussed in detail anywhere.
A better [idea] would be, again IMHO, open a list of ports used by
normal-use of the tor-network, and block the rest. [...]
Web (80,443), Pop3 (*), NNTP (*), DNS (53), Torrent (default 6881), FTP
(20/21).
Moon,
Please don't give this kind of advice. Somebody might think you know what
For anyone who wants to try IPv6:
If you're running Linux, there's a write-up on
http://www.pps.jussieu.fr/~jch/software/ipv6-connectivity.html
Juliusz
RetroMessenger has been released for linux
http://retromessenger.sf.net
Is there anything to make it working over Tor?
I've only had a quick look, but there are good arguments that the PGP web
of trust is not necessarily the right framework for IM. I suggest that you
look into OTR, which
I have no idea what is involved in running [a recursive name server]
having never configured/setup one before. Would it consume lots of
harddrive realestate? Consume lots of swap or RAM?
This is on a server that is recursive for a small user community (2 to 10
users, depending on the time of
FYI, polipo + gpg's HKP don't work together due to a bug in polipo.
Basically polipo crashes when it encounters the expect 100 continue
sent by gpg. For more info, see:
http://thread.gmane.org/gmane.comp.web.polipo.user/2144
Note that this only happens when the server uses an obsolete
True, I did take that into account. I could be mistaken but I think the main
problem lies with the proxy software. I think that Polipo and, especially,
Privoxy are pretty resource intensive, and affect performance more than Tor
itself.
Polipo has been shown to be faster than most browsers'
**: FWIW and IMHO, I believe that much of the privacy and security of
clients not only has to be, but *should be* left to them. Stopping
Darwin and bottle-feeding those with inferior skills and/or capacity
only drags down the human race. Those who can, will learn; those who
cannot, will
Just as with SMTP, security [with SMTP-submit] is optional. See
RFC 4409 for details on the protocol.
4.3. Require Authentication
The MSA MUST by default issue an error response to the MAIL command
if the session has not been authenticated using [SMTP-AUTH], unless
it has already
Hi,
My laptop is running tor, and its connectivity to the global Interned
depends on where I connecti it to. I'd like to change the tor
configuration depending on my IP address.
More precisely, I'd like to usually run as a client in the default confi-
guration, as a client behind a paranoid
I'm guessing this is a kernel thing, so running date a lot will probably
not help to notice it. Is gettimeofday() the wrong way to ask what time
it is under vmware? :)
Using select (or poll) and gettimeofday, while not technically
correct, is the only portable way of writing an even-driven
I'm trying to run a tor client on my router in order anomyise my network.
- System is: Asus WL-500G (32MB Ram)
Nice router. The CPU is a 260 MHz MIPS core from Broadcom that
implements almost all of the MIPS32 instruction set (the one exception
being the WAIT instruction).
- OS is: OpenWRT
Using privoxy is necessary because
browsers leak your DNS requests when
they use a SOCKS proxy directly,
which is bad for your anonymity.
Firefox should in principle not use the DNS if
network.proxy.socks_remote_dns
is set to true (in about:config).
Privoxy also removes
accept *:443
reject *:*
Folks, please open port 22. 587 and 5222 would be helpful too.
Juliusz
You might or might not be aware about ALIX, the successor to WRAP.
As far as I know, this is proprietary software. Since there are
a number of Free Operating Systems available for embedded platforms[1],
I am not quite sure why you are posting this on or-talk.
i have searched the FAQ's and find the Torlib, and i cannot find
where to download it or any sample of it. And cannot find exactly
how can i use it in my program. Is there any other way to connect
my java program to tor, or kindly point me to something useful..
Tor appears to client
If you are using Tor (and have Firefox configured to use the HTTP
proxy), Firefox will not use the proxy for IPv6 traffic.
Nonsense. At the time at which Firefox decides whether to make
a request through a proxy, it doesn't yet know whether the target
server has an IPv6 address.
What you're
: a bobnjoe browser
: For the crass foreigners among us -- what does this idiom mean?
Bob Joe's Bait, Tackle, and Web Browsers [...] Sorry for the confusion.
Quite the opposite -- thanks to you for the snippet of local colour.
Juliusz
If phobos doesn't have a script I'll most likely write one. The
problem would be that the 'easylist' also includes a whitelist at
the end, I assume that all patterns are scanned from start to end
and if something is blacklisted AND whitelisted, it is
allowed. AFAIK Polipo only provides a
What about censoring ETag, Last-Modified and If-Modified-Since ? Those are
used to send info to the client that will be send back to the server, hence
something can be encoded there to identify the machine.
Don't censor ETag and Last-Modified under any circumstances. Polipo
will survive an
You should use RefControl
https://addons.mozilla.org/en-US/firefox/addon/953 to spoof
referrers headers, not Polipo, as RefControl does HTTPS and HTTP.
Yep. In all cases, doing things in the browser is better than doing
them in the proxy.
However, I understand that Pat is trying to
It's fairly easy to convert the adblock plus 'easylist' into a polipo
forbidden file.
Do you have a script you'd be willing to share? I'd be glad to link
to it from the Polipo page.
Juliusz
Hi,
I am considering changing the Incognito LiveCD to use Polipo.
Excellent news.
Polipo config -
https://tor-svn.freehaven.net/svn/incognito/branches/polipo/root_overlay/etc/polipo/
First point -- you'll definitely want to set disableLocalInterface.
Since you're running with no on-disk
You should not make traffic go transparently through tor, unless the
people using your network fully understand what tor is about, and what
are the associated security risks (such as exit nodes performing MITM
attacks on SSL certificates).
Thank you for your opinion, but it was not
[CC-ing or-talk, in case somebody there has already heard about this
Windows thing]
1. I'm seriously thinking about removing the native Windows code,
unless I find a maintainer.
That worries me a bit,
It's not like Polipo development breaks things daily. If the Mingw
code starts rotting,
Most servers treat Last-Modified values as opaque validators --
IIS and Apache -- don't.
Interesting -- thanks for the info.
Juliusz
- privoxy will use new streams on the same circuit for each of the images
- polipo will generally pipeline everything over the same stream
Not quite. Polipo will try to use up to n simultaneous connections to
a given server, where n is
- 2 for a server that can do pipelining;
- 4 for a
On Sat, Sep 22, 2007 at 05:11:57PM +0200, [EMAIL PROTECTED] wrote 1.3K bytes
in 35 lines about:
For Polipo 1.0.3, I'll include a config.tor for the lazy people.
Point taken. Patches welcome.
Juliusz
What about If-Modified-Since header with time now? The website can know
the las visit, time and the pages of browser with a database.
Added this information with browser identification can not be good.
You're right. This is one of the reasons why you must purge your
browser cache and your
I put together a standard Polipo 1.0.2 universal binary for OSX users.
It's located at http://interloper.org/tmp/polipo/.
Excellent.
The config file has comments for those wishing to use it with Tor.
Could I please see a copy? I'm rather keen on having the default
installation of Polipo
Tor in my experience. i've also had success tweaking the TCP VPN
layer (disable nagle for example, and i recall someone using cork to
benefit too).
This approach is described in RFC 1925 section 2.3.
Juliusz
what may be useful is the transparent TCP proxy support in Tor for
ensuring the VPN connections are going through Tor. (VPN software
being difficult to SOCKS'ify so to speak)
Ahem... if your VPN software is using TCP rather than UDP or raw IP,
then I strongly recommend that you choose a
I may be doing a horrible job of explaining the problem.
No, you're doing fine. I'm just going to explain it differently.
IP over IP works.
UDP over UDP works if your UDP protocol supports it.
TCP over TCP fails. The timeout rules cannot stack properly.
You missed the two important cases
Ahem... if your VPN software is using TCP rather than UDP or raw IP,
then I strongly recommend that you choose a different VPN vendor.
that's not good advice. tcp to 443 and other uses in general are
quite acceptable. (ok, i do favor AH/ESP or UDP, but TCP is still
quite usable and useful)
this is a good idea. 16k might be even better if it worked reliably
(the usual default is 32 to 64k).
Your information might be somewhat obsolete...
Have a look at my machine (a pretty ordinary recent Linux) connecting
to tor.eff.org:
lanthane.45747 209.237.230.67.www: SWE
Now the throughput (``bandwidth'') of a TCP connection is limited by
window/rtt. What this means is that with ConstrainedSockets enabled,
your tor server will have basically unlimited throughput on a local
connection, but be limited to roughly 40 kB/s per connection (that's
bytes, not bits)
attached is the constrained sockets patch.
I'd like to know how this will interact with tor's circuit selection.
If I understand this patch correctly, it sets the SO_SNDBUF and
SO_RCVBUF socket options so as to limit the maximum size of the TCP
send and receive windows respectively.
Now the
(Andrew -- are you on polipo-users? If so, I suggest we move there,
no need to clutter or-talk.)
I put up the source from which I built the dmg and universal binary,
Thanks. (For anyone listening and who's not familiar with Apple's
marketing talk, a « Universal binary » is what us mere
I've built a Polipo-1.0.1 universal binary for OSX 10.4 and above.
Excellent.
Is the async resolver working? I tested it under 10.3 at some point,
but I'd be glad to hear whether I've broken anything since then.
The config file [...] attempts to make intelligent decisions for
usage.
Could
FWIW, if Polipo can detect such a situation (either because we haven't
reached the Content-Length the server declared, or because there was
an unterminated chunk), it will refetch the object.
The responses in question are completely empty, there's not a
single HTTP header and of course the
Dear all,
I'm pleased to announce the release of Polipo-1.0.1, which you will
find on
http://www.pps.jussieu.fr/~jch/software/files/polipo/polipo-1.0.1.tar.gz
http://www.pps.jussieu.fr/~jch/software/files/polipo/polipo-1.0.1.tar.gz.asc
For more information about Polipo, please see
A Windows binary for Polipo 1.0.1 is now available on
http://www.pps.jussieu.fr/~jch/software/files/polipo/polipo-win32-1.0.1.zip
http://www.pps.jussieu.fr/~jch/software/files/polipo/polipo-win32-1.0.1.zip.asc
This binary has never seen a Windows machine, so feedback would be
appreciated.
Like Andrew, I assume the real problem is a malfunctioning
intercepting proxy on the exit node, so there's little you can do
about it.
I would rather blame it on a tor server that crashes or drops the
connection.
WWIW, if Polipo can detect such a situation (either because we haven't
reached
If I am right, wouldn't the majority of the tor user base be better
served if a collection of exit nodes only exited port 80 and 443
traffic?
Please add port 22 (ssh).
I think you sort of missed my point. I'm aware there are lots of
protocols and ports used on tor and that they all need
If I am right, wouldn't the majority of the tor user base be better
served if a collection of exit nodes only exited port 80 and 443
traffic?
Please add port 22 (ssh).
Juliusz
anybody who speaks German read this:
http://www.heise.de/newsticker/meldung/89086
My German is next to nonexistent, but I understand it's about the data
retention provisions of the so-called LCEN law (« law about trust in
digital economy »), more precisely Art. 6 of law 2004-575 dated 21 June
While such interesting configurations are uncommon, single HTTP/1.0
front-end proxies do happen sometimes, so I'll increase serverSlots
when speaking to such a site in the next version of Polipo.
This is done now.
Juliusz
(1) use a smaller timeout for idle connections;
(2) shut down a connection after some number of
serviced requets;
(3) shut down a connection after it's been used
for some time.
I for one would like to see (1) and (3) implemented as
I tend to agree with Roger.
Sigh. Here I am, brain the
With http://www.kde.org/screenshots/:
So according to this test, this page downloads roughly two times
faster through Polipo/tor than through Privoxy/tor, right?
I also tested with another website (http://www.spiegel.de/):
This test is not representative: this is an HTTP/1.0 site. There are
[CC-ing polipo-users again]
this is an HTTP/1.0 site. There are fortunately very few of these
left nowadays.
What exactly is the problem with the site? Watching the circuits in
Vidalia I had the impression that Polipo used keep-alive.
HTTP/1.0 keepalives and HTTP/1.1 persistent
Polipo/tor was still 13% faster?
To which numbers are you referring here?
Sorry, I got confused.
However if I understand you correctly, you're saying that
I intentionally...
My apologies, I got carried away.
Juliusz
Michael Gersten:
getting keep-alive to work will help a lot with web browsing,
Fabian Keil:
Is this an assumption or did you just forget to show your benchmarks
to back this claim up?
I've just tested this by running
wget -p http://www.kde.org/screenshots/
That's 87,607 bytes in 14
The problem is that Skype uses either UDP or TCP, depending on the
situation. If it chooses TCP, Freecap will intercept it
Roger,
Would you agree that Tor should be able to tunnel UDP traffic too?
There's a /lot/ of UDP-based applications that it would make sense to
tunnel over tor.
Would you agree that Tor should be able to tunnel UDP traffic too?
One day I'd like to support this, yes. It's hard though:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP
Forwarding raw IP is difficult, I agree. But it's UDP I'd like you to forward.
Considering
I've just switched to 0.1.2.8, and when trying to access a hidden
service that doesn't exist, I'm getting SOCKS 5 error number 6
``TTL expired''.
That's a somewhat unexpected error -- I'd expect to get error 4 ``host
unreachable''.
Juliusz
Is this a host unreachable case or a network unreachable case? As far as
I can tell, the socks5 error messages are totally undocumented beyond
the short phrase for each one.
It doesn't matter much in my case -- I'm just trying to ensure that
the user of Polipo gets an error message that makes
Actually Windows does exactly the same thing...
I'm sorry I have started this discussion, which is off-topic for this list.
My point is merely that giving user ``nobody'' access to tor's data is
a tragically bad idea. This has nothing to do with Windows.
I've set up the proxy in firefox in order to connect to tor, and it
works well, now I would like to do this:
my_pc - tor - proxy_choosen_by_me:port-www_page
The simplest way would be to set a proxy that can do that upstream of
tor.
my_pc - my_proxy - tor - proxy_choosen_by_me:port - www_page
To shorten... How do I allow nobody to utilize Tor (It can already
do that but I must start it like a root and stop it like a root)
Please don't.
The very reason Unix is more secure than Windows is that Unix actively
uses the permission system to prevent insecure things like PHP from
munging
I'm using custom proxy settings currently, because I'm using Polipo
on port 8123.
You certainly know that, but I'll mention that you can run Polipo on
port 8118 by putting the following in your config file:
proxyPort = 8118
OTOH, would it clutter torbutton's interface too much to have an
1. Run squid on your machine at home (say on port 3128)
Don't do that. Squid will add the ``X-Forwarded-For'' header, and
hence leak your IP.
Instead of Squid, you should run either Privoxy or Polipo.
Juliusz
1. Run squid on your machine at home (say on port 3128)
Don't do that. Squid will add the ``X-Forwarded-For'' header, and
hence leak your IP.
# TAG: forwarded_for on|off
Ah, sorry, I didn't know that.
Juliusz
Alternatively, you can use OpenDNS's servers. See www.opendns.com.
OpenDNS is very easy (just use their IP addresses), and quite fast.
I'm not sure I like their privacy policy:
« Other than to its employees, contractors and affiliated
« organizations, as described above, OpenDNS discloses
The past two versions of Tor (v.0.1.1.23 and v.0.1.2.1-alpha) have
taken awhile to be built/released for Windows (the latter still is
MIA). I know this is because you guys don't have a Windows box
FWIW, I don't have a Windows box either, and use the Mingw cross-compiler
to build Windows
On Wed, Aug 23, 2006 at 03:02:48AM +0200, Juliusz Chroboczek wrote:
6) Polipo writes your hostname in every request. Either define proxyName
to something else, or set [d]isableVia = true in your config file.
This cannot be stressed enough. Unfortunately, use of Via is a MUST
according
Hi all,
I've put an experimental native Windows binary of Polipo in
http://www.pps.jussieu.fr/~jch/software/files/polipo/polipo-20060823.exe
http://www.pps.jussieu.fr/~jch/software/files/polipo/polipo-20060823.exe.asc
This is still very experimental; for serious use, I still recommend
using
78 matches
Mail list logo