Re: [tor-talk] obfs4proxy and ports < 1024

2018-03-25 Thread Wanderingnet
I just took a look at availability of FreeBSD Live ports - not mainstream, you 
say, although I think there are inherent advantages to running live systems (in 
part implied in why TAILS opts to be so by definition - my own pref is to 
exceed this and run the live boot image without ever installing it, making it 
continuous at each boot without being affected by usage, and capable of being 
reestablished and redeployed rapidly in case of failure). GhostBSD is one 
example, Frenzy is another. The latter, pondering defunctness, also illustrates 
another problem with distros in general, and the Linux road is littered with 
abandoned attempts, distros that are no longer supported, and so on. Repo 
operating systems need Repo support, and a constant user base that includes its 
developers. 
I also took a look at the Tor/Tor Browser Bundle issue with regard to BSD, 
where I see many have issues using the two together, as if Linux in this regard 
did not present enough. I have just had month after month of problems with Tor 
implementation - though not with the simple act of running Tor per se. I feel 
TBB is also superior, and would like to run Tor as a daemon from it, which no 
one seems to be doing. Many of the security issues derive from online operation 
- witness the kerfuffle over DNS leaks - rather than OS kernel security 
itself (most pertinent to containment, in my view). 
The problem for me with Tor, as what should be one arm in a repertoire of 
secure systems that are largely unimplemented by default in most - and most 
security - OS's - is the potential lack of security or anonymity of its exit 
nodes, to which Tor Ram Disk was supposed to offer a solution but is 
unimplemented.
I became very tired of the work, and of the minefield of security advice, 
applications, and over-proliferation of problems associated with online 
security as a whole, including with regard to Tor. 
TAILS for me was a non-solution - rigid, not generally receptive to Debian's 
support for software, lacking VPN/I2P/Freenet support, over-committed to Tor 
alone, and what I felt was an awful front-end. I at least want to use an OS 
with a slick and approachable GUI. Fedora is now among the few OS's offering 
kernel hardening as a matter of course - and in my experience was riddled with 
bugs, despite being the apparent source for Redhat.


Re: [tor-talk] obfs4proxy and ports < 1024

2018-03-25 Thread George
Wanderingnet:
> I have considered it, as I explored various distros, most buggy and
> by no means secured out-of-the-box, in my view. But I have had such a
> nightmare experience working to any degree of satisfaction with
> Linux, I am reluctant to work on anything more stripped down. Alpine
> Linux was another option I looked at, for example, but there is no
> readily available Live CD - you have to build it yourself from
> command up (ideally from chroot, I think, to provide the basic
> packages and a desktop), then find a way to make a live distro from
> it. I remember looking at the BSD site and downloads and pondering on
> what I would have to do to get a working live boot...But I have been
> generally disappointed by the lack of an ideal secure OS ready to go
> with which I am happy. OS work has been put on the backseat for me
> for now :) I need a break from it.
> 

Jumping in late to the party... specifically from BSD-land.

Keep in mind "stripped-down" is an individual's perspective. I think
OpenBSD is very tight, and the kernel is rumored to shrink on occasion
with releases. Yet by default, OpenBSD contains an httpd and smtp
server, fvwm for X and other things one might consider "bloat."

Live CDs aren't mainstream like they were ten or more years ago.
Specifically with FreeBSD, you had FreeBSD tools like Freesbie alive and
active. It's still in FreeBSD ports in sysutils, but I haven't used it in a
long time. NanoBSD is another simple build system for RAM-based systems,
but I think most of the activity is/was around pfSense (which
discontinued using it, I think) and for arm platform builds.
Specifically look at Crochet for FreeBSD as another option.

It seems most full systems on USB/CD media are EOL'd at this point.

It remains a relatively do-able task for any OS. Install to the media as
a target, boot off it and configure as you desire. If you want something
easier to maintain longer-term on OpenBSD, you might look at vnd(4) and
vndconfig(8) manual pages.

The issue remains there are so many different needs and preferences in
such systems that a simple third-party download that is one-size-fits-all is
unlikely. You'll notice that with systems that contain X managers,
where it's all XFCE, or KDE, or whatever. A creator's view of the ideal
set of utilities and packages rarely matches that of more than a few users.

If it's really something you want, you should probably do it yourself.

We (https://www.torbsd.org/) have weighed doing some sort of TAILS-like
system for OpenBSD, but it's not in the cards in the near term. On that
note, you might look at our wiki at https://wiki.torbsd.org/ for more
relevant information.

g


-- 
34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] obfs4proxy and ports < 1024

2018-03-25 Thread Wanderingnet
I have considered it, as I explored various distros, most buggy and by no means 
secured out-of-the-box, in my view. But I have had such a nightmare experience 
working to any degree of satisfaction with Linux, I am reluctant to work on 
anything more stripped down. Alpine Linux was another option I looked at, for 
example, but there is no readily available Live CD - you have to build it 
yourself from command up (ideally from chroot, I think, to provide the basic 
packages and a desktop), then find a way to make a live distro from it. I 
remember looking at the BSD site and downloads and pondering on what I would 
have to do to get a working live boot...But I have been generally disappointed 
by the lack of an ideal secure OS ready to go with which I am happy. 
OS work has been put on the backseat for me for now :) I need a break from it.


Re: [tor-talk] obfs4proxy and ports < 1024

2018-03-18 Thread grarpamp
> /etc/protocols

No, that affects userland libraries, largely unrelated
to the kernel. If some simple tool like netcat is kernel
blocked from binding < 1024 as uid 0, then your Linux
distro of the month has included some settings or security
architecture / patch beyond kernel.org, or something in
all those extra layers of abstraction has broken, which
you need to learn then fix, set, or work around as needed.

Or switch to FreeBSD for a more integrated leaner
experience that just works as a whole.
https://www.freebsd.org/
https://wikipedia.org/wiki/FreeBSD
https://www.freebsdfoundation.org/


Re: [tor-talk] obfs4proxy and ports < 1024

2018-03-18 Thread Wanderingnet
The IANA assignments/standard protocols per port are assigned in /etc/protocols 
- though no doubt you know that. Does changing the default assignments here 
help?


Re: [tor-talk] obfs4proxy and ports < 1024

2018-03-15 Thread Maxxer
I did it this way:
https://lorenzo.mile.si/2017/02/running-obfs4-tor-bridge-on-port-80-443/


Re: [tor-talk] obfs4proxy and ports < 1024

2018-03-11 Thread flipchan
Forward with socat

On March 11, 2018 8:49:26 AM UTC, Udo van den Heuvel  wrote:
>Hello,
>
>On a new x86_64 firewall I notice that a freshly built obfs4proxy does
>not want to bind to a port below 1024 and becomes defunct.
>A port > 1024 works OK.
>How do I make things work for ports below 1024?
>(this works OK on the 32-bit old firewall)
>
>Kind regards,
>Udo

-- 
Take Care Sincerely flipchan layerprox dev


Re: [tor-talk] obfs4proxy and ports < 1024

2018-03-11 Thread Udo van den Heuvel
On 11-03-18 14:16, kact...@gnu.org wrote:
> 
> [2018-03-11 09:49] Udo van den Heuvel 
>> On a new x86_64 firewall I notice that a freshly built obfs4proxy does
>> not want to bind to a port below 1024 and becomes defunct.
>> A port > 1024 works OK.
>> How do I make things work for ports below 1024?
> 
> Wild guess. You are aware, that port < 1024 are so-called privilleged
> ports, and require root to open (at least with Linux), do not you?

I am aware of the difference.
Things did work on the old (firewall) box.
Things now appear different.
User root starts the thing but of course the tor user is used for normal
operation...

Udo




Re: [tor-talk] obfs4proxy and ports < 1024

2018-03-11 Thread KAction

[2018-03-11 09:49] Udo van den Heuvel 
> Hello,
> 
> On a new x86_64 firewall I notice that a freshly built obfs4proxy does
> not want to bind to a port below 1024 and becomes defunct.
> A port > 1024 works OK.
> How do I make things work for ports below 1024?

Wild guess. You are aware that ports < 1024 are so-called privileged
ports, and require root to open (at least with Linux), don't you?

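The privileged-port rule KAction describes is what bites a setup like Udo's, where root starts tor but the listener ends up in a process running as the unprivileged tor user. The following added diagnostic (my own example, not code from Tor, obfs4proxy or anyone in the thread) states the Linux rule a little more precisely than the thread does: a process may bind a port below net.ipv4.ip_unprivileged_port_start (default 1024) only if CAP_NET_BIND_SERVICE is in its effective capability set, which euid 0 holds and an ordinary user does not. The /proc/<pid>/status excerpts, the uid 108 and port 443 are constructed sample values.

```python
"""Check whether a Linux process may bind a given TCP port.

Constructed diagnostic for this thread, not code from Tor or obfs4proxy.
Linux allows bind() below net.ipv4.ip_unprivileged_port_start (default 1024)
only if CAP_NET_BIND_SERVICE is in the effective capability set; euid 0
normally holds every capability and an unprivileged user holds none.
"""
CAP_NET_BIND_SERVICE = 10  # capability number from <linux/capability.h>

# Constructed /proc/<pid>/status excerpts: a root process with a full
# effective set, and a process running as the "tor" user with none.
ROOT_STATUS = "Name:\ttor\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
TOR_USER_STATUS = "Name:\tobfs4proxy\nUid:\t108\t108\t108\t108\nCapEff:\t0000000000000000\n"

def parse_cap_eff(status_text):
    """Return the CapEff bitmask from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split(":", 1)[1].strip(), 16)
    raise ValueError("no CapEff line in status text")

def can_bind(port, cap_eff, unprivileged_start=1024):
    """True if a process with effective capabilities cap_eff may bind port."""
    if port >= unprivileged_start:
        return True
    return bool(cap_eff & (1 << CAP_NET_BIND_SERVICE))

def explain(port, cap_eff, unprivileged_start=1024):
    """Human-readable verdict, e.g. for an obfs4proxy listener that dies."""
    if can_bind(port, cap_eff, unprivileged_start):
        return "port %d: bind allowed" % port
    return ("port %d: bind denied (below %d and CAP_NET_BIND_SERVICE missing)"
            % (port, unprivileged_start))

def live_verdict(port):
    """Check this process's own CapEff and the sysctl (Linux only)."""
    with open("/proc/self/status") as f:
        cap_eff = parse_cap_eff(f.read())
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            start = int(f.read())
    except OSError:
        start = 1024  # kernel predates the sysctl; the default applies
    return explain(port, cap_eff, start)

if __name__ == "__main__":
    print(explain(443, parse_cap_eff(TOR_USER_STATUS)))
    print("this process:", live_verdict(443))
```

Run it as the same user the transport runs as (or point parse_cap_eff at that process's /proc/<pid>/status) to see which of the three conditions is failing before reaching for a socat forward.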