- tor-commits - lists.torproject.org

[arm/master] Dropping locales when geoip db is unavailable
by atagar＠torproject.org 26 Apr '11

26 Apr '11

commit 1161a6a6e72dff62fe019b9d15cc0943958359f7 Author: Damian Johnson <atagar(a)torproject.org> Date: Mon Apr 25 19:13:43 2011 -0700 Dropping locales when geoip db is unavailable Previously the connection panel showed '??' for all locales when the geoip database was unavailable. Dropping these entries from the interface entirely instead. --- src/interface/connections/connEntry.py | 3 ++- src/util/torTools.py | 14 +++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/src/interface/connections/connEntry.py b/src/interface/connections/connEntry.py index f613fc2..e6c0d92 100644 --- a/src/interface/connections/connEntry.py +++ b/src/interface/connections/connEntry.py @@ -824,8 +824,9 @@ class ConnectionLine(entries.ConnectionPanelLine): dstAddress += " (%s)" % purpose elif not connections.isIpAddressPrivate(self.foreign.getIpAddr()): extraInfo = [] + conn = torTools.getConn() - if includeLocale: + if includeLocale and not conn.isGeoipUnavailable(): foreignLocale = self.foreign.getLocale("??") extraInfo.append(foreignLocale) spaceAvailable -= len(foreignLocale) + 2 diff --git a/src/util/torTools.py b/src/util/torTools.py index 31a7061..0eebd20 100644 --- a/src/util/torTools.py +++ b/src/util/torTools.py @@ -474,19 +474,19 @@ class Controller(TorCtl.PostEventListener): if isCacheArg and cachedValue: result = cachedValue isFromCache = True - elif isGeoipRequest and self.geoipFailureCount == GEOIP_FAILURE_THRESHOLD: + elif isGeoipRequest and self.isGeoipUnavailable(): # the geoip database aleady looks to be unavailable - abort the request raisedExc = TorCtl.ErrorReply("Tor geoip database is unavailable.") else: try: getInfoVal = self.conn.get_info(param)[param] if getInfoVal != None: result = getInfoVal - if isGeoipRequest: self.geoipFailureCount = 0 + if isGeoipRequest: self.geoipFailureCount = -1 except (socket.error, TorCtl.ErrorReply, TorCtl.TorCtlClosed), exc: if type(exc) == TorCtl.TorCtlClosed: self.close() raisedExc = exc - if isGeoipRequest: + if isGeoipRequest and not self.geoipFailureCount == -1: self.geoipFailureCount += 1 if self.geoipFailureCount == GEOIP_FAILURE_THRESHOLD: @@ -833,6 +833,14 @@ class Controller(TorCtl.PostEventListener): return result + def isGeoipUnavailable(self): + """ + Provides true if we've concluded that our geoip database is unavailable, + false otherwise. + """ + + return self.geoipFailureCount == GEOIP_FAILURE_THRESHOLD + def getMyPid(self): """ Provides the pid of the attached tor process (None if no controller exists

1 0

[arm/master] fix: Missing configuration key for missing geoip
by atagar＠torproject.org 26 Apr '11

26 Apr '11

commit 36512bdc7608db5f225e58926ac0b5f383f6b026 Author: Damian Johnson <atagar(a)torproject.org> Date: Mon Apr 25 18:51:13 2011 -0700 fix: Missing configuration key for missing geoip This causes a crashing error when the Tor geoip file is unavailable, and locales are queried. --- src/util/torTools.py | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/util/torTools.py b/src/util/torTools.py index b5913ed..31a7061 100644 --- a/src/util/torTools.py +++ b/src/util/torTools.py @@ -82,7 +82,8 @@ CONFIG = {"torrc.map": {}, "log.torSetConf": log.INFO, "log.torPrefixPathInvalid": log.NOTICE, "log.bsdJailFound": log.INFO, - "log.unknownBsdJailId": log.WARN} + "log.unknownBsdJailId": log.WARN, + "log.geoipUnavailable": log.WARN} # events used for controller functionality: # NOTICE - used to detect when tor is shut down

1 0

r24669: {} put in the bibtex file rather than the bbl droppings (projects/articles/browser-privacy)
by Roger Dingledine 26 Apr '11

26 Apr '11

Author: arma Date: 2011-04-26 01:37:07 +0000 (Tue, 26 Apr 2011) New Revision: 24669 Added: projects/articles/browser-privacy/W3CIdentity.bib Removed: projects/articles/browser-privacy/W3CIdentity.bbl Log: put in the bibtex file rather than the bbl droppings Deleted: projects/articles/browser-privacy/W3CIdentity.bbl =================================================================== --- projects/articles/browser-privacy/W3CIdentity.bbl 2011-04-26 01:06:35 UTC (rev 24668) +++ projects/articles/browser-privacy/W3CIdentity.bbl 2011-04-26 01:37:07 UTC (rev 24669) @@ -1,73 +0,0 @@ -\begin{thebibliography}{10} - -\bibitem{private-browsing} -Gaurav Aggrawal, Elie Bursztein, Collin Jackson, and Dan Boneh. -\newblock An analysis of private browsing modes in modern browsers. -\newblock In {\em Proc. of 19th Usenix Security Symposium}, 2010. - -\bibitem{panopticlick} -Peter Eckersley. -\newblock How unique is your web browser? -\newblock In {\em Proceedings of the 10th international conference on Privacy - enhancing technologies}, PETS'10, pages 1--18, Berlin, Heidelberg, 2010. - Springer-Verlag. - -\bibitem{safecache} -Collin Jackson and Dan Boneh. -\newblock Protecting browser state from web privacy attacks. -\newblock In {\em In Proceedings of the International World Wide Web - Conference}, pages 737--744, 2006. - -\bibitem{security-fingerprinting} -{Jennifer Valentino-DeVries}. -\newblock {Evercookies and Fingerprinting: Are Anti-Fraud Tools Good for Ads?}, - 2010. -\newblock - \url{http://blogs.wsj.com/digits/2010/12/01/evercookies-and-fingerprinting-f% -inding-fraudsters-tracking-consumers/}. - -\bibitem{wsj-fingerprinting} -{Julia Angwin and Jennifer Valentino-DeVries}. -\newblock {Race Is On to 'Fingerprint' Phones, PCs}, 2010. -\newblock - \url{http://online.wsj.com/article/SB100014240527487046792045756467041009595% -46.html}. - -\bibitem{firefox-personas} -Mozilla. -\newblock Personas. -\newblock \url{https://mozillalabs.com/personas/}. - -\bibitem{weave-manager} -Mozilla. -\newblock {The Weave Account Manager}. -\newblock \url{https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager}. - -\bibitem{not-to-toggle} -Mike Perry. -\newblock To toggle, or not to toggle: The end of torbutton. -\newblock - \url{https://lists.torproject.org/pipermail/tor-talk/2011-April/020077.html}. - -\bibitem{torbutton} -Mike Perry. -\newblock {The Torbutton Design Document}, 2011. -\newblock \url{https://www.torproject.org/torbutton/en/design/}. - -\bibitem{facebook-like} -Arnold Roosendaal. -\newblock {Facebook Tracks and Traces Everyone: Like This!} -\newblock {\em SSRN eLibrary}, 2010. - -\bibitem{tracking-identity} -Emily Steel. -\newblock {Online Tracking Company RapLeaf Profiles Users By Name}, 2010. -\newblock - \url{http://online.wsj.com/article/SB100014240527023044105045755602432594160% -72.html}. - -\bibitem{thirdparty} -Dan Witte. -\newblock \url{https://wiki.mozilla.org/Thirdparty}. - -\end{thebibliography} Added: projects/articles/browser-privacy/W3CIdentity.bib =================================================================== --- projects/articles/browser-privacy/W3CIdentity.bib (rev 0) +++ projects/articles/browser-privacy/W3CIdentity.bib 2011-04-26 01:37:07 UTC (rev 24669) @@ -0,0 +1,97 @@ +@article{facebook-like, + type={Working Paper Series}, + title={{Facebook Tracks and Traces Everyone: Like This!}}, + author={Roosendaal, Arnold}, + journal={SSRN eLibrary}, + year={2010}, + publisher={SSRN}, + keywords={Facebook, Like button, Cookies, Profiling, privacy, Data protection}, + location={http://ssrn.com/paper=1717563}, + language={English} +} + +@Misc{wsj-fingerprinting, + title = {{Race Is On to 'Fingerprint' Phones, PCs}}, + author= {{Julia Angwin and Jennifer Valentino-DeVries}}, + year={2010}, + publisher={The Wall Street Journal Online}, + note = {\url{http://online.wsj.com/article/SB10001424052748704679204575646704100959546.html}} +} + +@Misc{security-fingerprinting, + title = {{Evercookies and Fingerprinting: Are Anti-Fraud Tools Good for Ads?}}, + author= {{Jennifer Valentino-DeVries}}, + year={2010}, + publisher={The Wall Street Journal Online}, + note = {\url{http://blogs.wsj.com/digits/2010/12/01/evercookies-and-fingerprinting-finding-fraudsters-tracking-consumers/}} +} + +@Misc{tracking-identity, + title = {{Online Tracking Company RapLeaf Profiles Users By Name}}, + author= {Emily Steel}, + year={2010}, + publisher={The Wall Street Journal Online}, + note = {\url{http://online.wsj.com/article/SB10001424052702304410504575560243259416072.html}} +} + +@INPROCEEDINGS{safecache, + author = {Collin Jackson and Dan Boneh}, + title = {Protecting browser state from web privacy attacks}, + booktitle = {In Proceedings of the International World Wide Web Conference}, + year = {2006}, + pages = {737--744} +} + +@Misc{thirdparty, + author = {Dan Witte}, + note = {\url{https://wiki.mozilla.org/Thirdparty}} +} + +@Misc{torbutton, + title = {{The Torbutton Design Document}}, + author= {Mike Perry}, + year={2011}, + note = {\url{https://www.torproject.org/torbutton/en/design/}} +} + +@Misc{weave-manager, + title = {{The Weave Account Manager}}, + author={Mozilla}, + note = {\url{https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager}} +} + +@inproceedings{private-browsing, + author = {Gaurav Aggrawal and Elie Bursztein and Collin Jackson and Dan Boneh}, + title = {An analysis of private browsing modes in modern browsers}, + year = 2010, + booktitle = {Proc. of 19th Usenix Security Symposium} +} + + +@inproceedings{panopticlick, + author = {Eckersley, Peter}, + title = {How unique is your web browser?}, + booktitle = {Proceedings of the 10th international conference on Privacy enhancing technologies}, + series = {PETS'10}, + year = {2010}, + isbn = {3-642-14526-4, 978-3-642-14526-1}, + location = {Berlin, Germany}, + pages = {1--18}, + numpages = {18}, + url = {http://portal.acm.org/citation.cfm?id=1881151.1881152}, + acmid = {1881152}, + publisher = {Springer-Verlag}, + address = {Berlin, Heidelberg}, +} + +@Misc{not-to-toggle, + title = {To Toggle, or not to Toggle: The End of Torbutton}, + author={Mike Perry}, + note = {\url{https://lists.torproject.org/pipermail/tor-talk/2011-April/020077.html}} +} + +@Misc{firefox-personas, + title = {Personas}, + author= {Mozilla}, + note = {\url{https://mozillalabs.com/personas/}} +}

1 0

r24668: {} First draft. (in projects/articles: . browser-privacy)
by Mike Perry 26 Apr '11

26 Apr '11

Author: mikeperry Date: 2011-04-26 01:06:35 +0000 (Tue, 26 Apr 2011) New Revision: 24668 Added: projects/articles/browser-privacy/ projects/articles/browser-privacy/W3CIdentity.bbl projects/articles/browser-privacy/W3CIdentity.tex projects/articles/browser-privacy/llncs.cls projects/articles/browser-privacy/usenix.sty Log: First draft. Added: projects/articles/browser-privacy/W3CIdentity.bbl =================================================================== --- projects/articles/browser-privacy/W3CIdentity.bbl (rev 0) +++ projects/articles/browser-privacy/W3CIdentity.bbl 2011-04-26 01:06:35 UTC (rev 24668) @@ -0,0 +1,73 @@ +\begin{thebibliography}{10} + +\bibitem{private-browsing} +Gaurav Aggrawal, Elie Bursztein, Collin Jackson, and Dan Boneh. +\newblock An analysis of private browsing modes in modern browsers. +\newblock In {\em Proc. of 19th Usenix Security Symposium}, 2010. + +\bibitem{panopticlick} +Peter Eckersley. +\newblock How unique is your web browser? +\newblock In {\em Proceedings of the 10th international conference on Privacy + enhancing technologies}, PETS'10, pages 1--18, Berlin, Heidelberg, 2010. + Springer-Verlag. + +\bibitem{safecache} +Collin Jackson and Dan Boneh. +\newblock Protecting browser state from web privacy attacks. +\newblock In {\em In Proceedings of the International World Wide Web + Conference}, pages 737--744, 2006. + +\bibitem{security-fingerprinting} +{Jennifer Valentino-DeVries}. +\newblock {Evercookies and Fingerprinting: Are Anti-Fraud Tools Good for Ads?}, + 2010. +\newblock + \url{http://blogs.wsj.com/digits/2010/12/01/evercookies-and-fingerprinting-f% +inding-fraudsters-tracking-consumers/}. + +\bibitem{wsj-fingerprinting} +{Julia Angwin and Jennifer Valentino-DeVries}. +\newblock {Race Is On to 'Fingerprint' Phones, PCs}, 2010. +\newblock + \url{http://online.wsj.com/article/SB100014240527487046792045756467041009595% +46.html}. + +\bibitem{firefox-personas} +Mozilla. +\newblock Personas. +\newblock \url{https://mozillalabs.com/personas/}. + +\bibitem{weave-manager} +Mozilla. +\newblock {The Weave Account Manager}. +\newblock \url{https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager}. + +\bibitem{not-to-toggle} +Mike Perry. +\newblock To toggle, or not to toggle: The end of torbutton. +\newblock + \url{https://lists.torproject.org/pipermail/tor-talk/2011-April/020077.html}. + +\bibitem{torbutton} +Mike Perry. +\newblock {The Torbutton Design Document}, 2011. +\newblock \url{https://www.torproject.org/torbutton/en/design/}. + +\bibitem{facebook-like} +Arnold Roosendaal. +\newblock {Facebook Tracks and Traces Everyone: Like This!} +\newblock {\em SSRN eLibrary}, 2010. + +\bibitem{tracking-identity} +Emily Steel. +\newblock {Online Tracking Company RapLeaf Profiles Users By Name}, 2010. +\newblock + \url{http://online.wsj.com/article/SB100014240527023044105045755602432594160% +72.html}. + +\bibitem{thirdparty} +Dan Witte. +\newblock \url{https://wiki.mozilla.org/Thirdparty}. + +\end{thebibliography} Added: projects/articles/browser-privacy/W3CIdentity.tex =================================================================== --- projects/articles/browser-privacy/W3CIdentity.tex (rev 0) +++ projects/articles/browser-privacy/W3CIdentity.tex 2011-04-26 01:06:35 UTC (rev 24668) @@ -0,0 +1,372 @@ +%\documentclass{llncs} +\documentclass[letterpaper,11pt]{llncs} +%\documentclass{article} % llncs + +\usepackage{usenix} +\usepackage{url} +\usepackage{amsmath} +\usepackage{epsfig} +\usepackage{epsf} +\usepackage{listings} + +%\setlength{\textwidth}{6in} +%\setlength{\textheight}{8.4in} +%\setlength{\topmargin}{.5cm} +%\setlength{\oddsidemargin}{1cm} +%\setlength{\evensidemargin}{1cm} + +\begin{document} + +\title{Bridging the Disconnect Between Web Identity and User Perception} + +\author{Mike Perry \\ The Internet \\ mikeperry(a)torproject.org} + +%\institute{The Internet} + +\maketitle +\pagestyle{plain} + +\begin{abstract} + +There is a huge disconnect between how users perceive their online presence +and the reality of their relationship with the websites they visit. This +position paper explores this disconnect and provides some recommendations for +making the technical reality of the web match user perception, through both +technical improvements as well as user interface cues. By looking at all of +the elements of tracking as though they collectively comprise "User Identity", +we can make better decisions about improvements to both the technical and the +interface aspects of authentication and privacy. + +\end{abstract} + +\section{Introduction} + +The prevailing revenue model of the web is an appealing one. Web users receive +unfettered, frictionless access to an extensive variety of information sources +in exchange for viewing advertising. This advertising is more valuable if each +advertisement is more relevant to the current activity, and if possible, more +relevant to the current user. + +The cost of this is that user privacy on the web is a nightmare. There is +ubiquitous tracking, unseen partnership agreements and data exchange, and +surreptitious attempts to uncover users' identities against their will and +without their knowledge. This is not just happening in the dark, unseemly +corners of the web. It is happening everywhere\cite{facebook-like}. + +The problem is that the revenue model of the web has incentivized companies to +find ways to continue to track users against their will, even if those users +are attempting to protect themselves through currently available methods. +Starting with the infamous "Flash cookies", we have progressed through a +seemingly endless arms race of secondary identifiers and tracking information: +visited history, cache, font and system data, desktop resolution, keystroke +timing, and so on and so forth\cite{wsj-fingerprinting}. + +These efforts have lead to an even wider disconnect between a user's +perception of their privacy and the reality of their privacy. Users simply +can't keep up with the ways they are being tracked. + +When users are being coerced into ceding data about themselves without clear +understanding or consent (and in fact, in many cases despite their explicit +attempts to decline to consent), serious moral issues begin to arise. + +To understand and evaluate potential solutions and improvements to this status +quo, we must explore the disconnect between user experience and the way the +web actually functions with respect to tracking and identity. + +% FIXME: Do we need this paragraph? +%To this end, the rest of this document is structured as follows: First, we +%examine user identity on the web, comparing the average user's perspective to +%what actually is happening technically behind the scenes, and noting the major +%disconnects. We then examine solutions attempting to bridge this disconnect +%from two different directions. + +We only consider implementations that involve privacy-by-design. +Privacy-by-policy approaches such as Do Not Track will not be discussed. + +\section{User Identity on the Web} + +To properly examine this privacy problem, we must probe into the details of +both what a User's perception of their identity is, as well as the technical +realities of what goes into web authentication and tracking. + +\subsection{User Perception of Identity} + +Instinctively, users define their privacy in terms of their identity, in terms +of how they have interacted with a site in order to inform it of who they are. +Typically, the user's perception of their identity on the web is usually a direct +function of the mechanisms used for strong authentication for particular sites. + +For example, users expect that logging in to Facebook creates a relationship +in their browsers when facebook.com is present in the URL bar, but they are +likely not aware that this also extends to their activity on other, arbitrary +sites that happen to include "Like this on Facebook" buttons or +Facebook-sourced advertising content. + +Many, if not most, users expect that when they log out of a site their +relationship ends and that any associated tracking should be over. Even +users who are aware of cookies can be prone to believing that clearing the +cookies and private browsing data related to a particular site is sufficient +to end their relationship with that site. + +Neither of these beliefs has any relation to reality. + +\subsection{Technical Reality of Identity} + +The technical reality of the web today is that users are usually wrong about +their authentication status with respect to a particular site, and are almost +always oblivious to the relationship between content elements of arbitrary +pages. The default experience is such that all of this data exchange is +concealed from the user. + +So then what is identity? In terms of authentication, it would at first appear +to be cookies, HTTP Auth tokens, and client TLS certificates. However, even this +begins to break down. High-security websites are already using fingerprinting +as an auxiliary second factor of authentication\cite{security-fingerprinting}, +and online data aggregators utilize everything they can to build complete +portraits of users' identities\cite{tracking-identity}. + +Identity then is a superset of all the authentication tokens used by the +browser. It is the ability to link a user's activity in one instance to their +activity in another instance, be it across time, or even on the very same page +due to multiple content origins. + +\subsection{Identity as Linkability} + +When expanded to cover all items that enable or substantially contribute to +Linkability, a lot more components of the browser are now in scope. We will +briefly enumerate these components. + +First, the obvious properties are found in the state of the browser: cookies, +DOM storage, cache, cryptographic tokens and cryptographic state, and +location. These are what technical people tend to think of first when it comes +to private browsing and identity, but they are not the whole story. + +Next, we have long-term properties of the browser itself. These include the +User Agent String, the list of installed plugins, rendering capabilities, +window decoration size, and browser widget size. + +Then, we have properties of the computer. These include desktop size, IP +address, clock offset and timezone, and installed fonts. + +Finally, linkability also includes the properties of the multi-origin model of +the web that allow tracking due to partnerships. These include the implicit +cookie transmission model, and also explicit click referral and data exchange +partnerships. + +\subsection{Developing a Threat Model} + +Unfortunately, just about every browser property and functionality is a +potential fingerprinting target. In order to properly address the network +adversary on a technical level, we need a metric to measure linkability of the +various browser properties that extend beyond any stored origin-related state. + +The Panopticlick project by the EFF provides us with exactly this +metric\cite{panopticlick}. The researchers conducted a survey of volunteers +who were asked to visit an experiment page that harvested many of the above +components. They then computed the Shannon Entropy of the resulting +distribution of each of several key attributes to determine how many bits of +identifying information each attribute provided. + +While not perfect\footnotemark, this metric allows us to prioritize effort at +components that have the most potential for linkability. + +\footnotetext{In particular, the test does not take in all aspects of +resolution information. It did not calculate the size of widgets, window +decoration, or toolbar size. We believe this may add high amounts of entropy +to the screen field. It also did not measure clock offset and other time-based +fingerprints. Furthermore, as new browser features are added, this experiment +should be repeated to include them.} + +This metric also indicates that it is beneficial to standardize on +implementations of fingerprinting resistance where possible. More +implementations using the same defenses means more users with similar +fingerprints, which means less entropy in the metric. + +\section{Matching User Perception with Reality} + +When the concept of user identity is expanded to cover all aspects of +linkability, addressing the problem of the disconnect between user perception +and reality becomes clearer. For users to have privacy, and for private +browsing modes to function, the relationship between a user and a site must be +understood by that user. + +It is apparent that the user experiences disconnect with the technical +realities of the web on two major fronts: the average user does not grasp the +privacy implications of the multi-origin model, nor are they given a clear +concept of identity to grasp the privacy implications of the union of the +trackable components of their browsers. + +We will now examine examples of attempts at reducing this disconnect on each +of these two fronts. + +Note that identity-based approaches and the origin-based approaches are +orthogonal. They may be combined, or used independently. + +\subsection{Origin-Based Approaches} + +Origin-based approaches seek to improve the technical behavior of the browser +to make linkability less implicit and more consent-driven. In short, these +approaches seek to make the web behave more like users currently assume it +behaves by anchoring browser state to top-level origins as opposed to +associating it with arbitrary content elements. + +The earliest relevant example of this work is SafeCache\cite{safecache}. +SafeCache seeks to reduce the ability for 3rd party content elements to use +the cache to store identifiers. It does this by limiting the scope of the +cache to the origin in the url bar. This has the effect that commonly sourced +content elements are fetched and cached repeatedly, but this is the desired +property. Each of these prevalent content elements can be crafted to include +unique identifiers for each user, tracking users who attempt to avoid tracking +by clearing cookies. + +Mozilla has a wonderful example of an origin-based improvement written by Dan +Witte and buried on their wiki\cite{thirdparty}. It describes a new dual-keyed +origin for cookies, so that cookies would only be transmitted if they matched +both the top level origin and the third party origin involved in their +creation. This approach would go a long way towards preventing implicit +tracking across multiple websites. + +Similarly, one could imagine this two-level origin isolation being deployed to +improve similar issues with DOM Storage and cryptographic tokens. + +Making the origin model for browser identifiers more closely match the user +activity and user expectation has other advantages as well. With a clear +distinction between 3rd party and top-level cookies, the privacy settings +window could have a user-intuitive way of representing the user's relationship +with different origins, perhaps by using only the favicon of that top level +origin to represent all of the browser state accumulated by that origin. The +user could delete the entire set of browser state (cookies, cache, storage, +cryptographic tokens) associated with a site simply by removing its favicon +from their privacy info panel. + +The problem with origin-based approaches is that individually, they do not +fully address the entire linkability problem unless the same restriction is +applied uniformly to all aspects of stored browser state, and all other +linkability issues are dealt with. Behind-the-scenes partnerships can easily +allow companies to continue to link users to their identities through any +aspect of browser state that is not properly compartmentalized to the top +level origin and bound to the same rules. + +However, linkability based on browser properties is very amenable to this +model. In particular, one can imagine per-origin plugin permissions, +per-origin limits on the number of fonts that can be used, and randomized +window-specific time offsets. + +So, while these approaches are in fact useful for bringing the technical +realities of the web closer to what the user assumes is happening, they must +be deployed uniformly, with a consistent top-level origin restriction model. +This may take significant coordination and standardization efforts. + +\subsection{Identity-Based Approaches} + +We will now discuss what we call the identity-based approaches to privacy. +These approaches, whether explicitly or implicitly, all model the user's web +identity as the entirety of the user's state for all origins. + +The key advantage of identity-based approaches is that they can be simpler +than origin-based approaches when used to improve the privacy problem on their +own. + +While the earliest example of an identity-based approach is our own work on +Torbutton\cite{torbutton}, Torbutton deserves poor marks for both simplicity +and usability\cite{not-to-toggle}. Torbutton attempts to isolate the user's +non-Tor activity from their Tor activity, effectively providing the user with +a blank slate for their Tor activity, but optionally allowing them to toggle +between these two identities. + +Firefox Private Browsing Mode is very similar, in that it allows users to +switch between their normal browsing and a "private" clean slate. + +% FIXME: This paragraph can go if we need space: +Both Firefox PBM and Torbutton suffer from usability issues, primarily because +this concept of separate browsing identities is not properly conveyed to the +user. In Firefox's case, this usability issue is apparent through the quantity +of mode error observed in the review of Private Browsing Modes by Dan Boneh et +al\cite{private-browsing}. In Torbutton's case, the issues appear more severe. +We've informally observed that users have tremendous difficulties remembering +which tabs were Tor-related and which were non-Tor related, and we've also +observed issues with mode error. + +Both of these approaches are exceedingly complex: they deal with every aspect +of browser state individually. This development effort however does enable +Firefox and Torbutton to provide the user with great fine-grained control. + +Google Chrome's Incognito Mode comes the closest to conveying this idea of +"Incognito identity" to the user, and the implementation is also simpler as a +result. The Incognito Mode window is a separate, stylized window that clearly +conveys an alternate identity is in use for this window, which can be used +concurrent to the non-private identity. This appears to lead to less mode +error (where the user forgets their private browsing state) compared to other +browsers. + +% FIXME: This paragraph can go if we need space: +The implementation of Incognito is as a virtualized in-memory profile, which +allows them to achieve protection against history storage issues for very low +effort. It also allows them to tweak browser properties and permissions +specifically for this profile. + +The Mozilla Weave project appears to be proposing an identity-based method of +managing, syncing, and storing authentication tokens, and also has use cases +described for multiple users of a single browser\cite{weave-manager}. It is +the closest idea on paper to what we envision as the way to bridge user +assumptions with reality. + +We believe that the user interface of the browser should convey a sense of +persistent identity prominently to the user in the form of a visual cue. This +cue can either be an abstract image, graphic or theme (such as the user's +choice of Firefox Persona\cite{firefox-personas}), or it can be a text area +with the user's current favored pseudonym. This idea of identity should then +be integrated with the browsing experience. Users should be able to click a +button to get a clean slate for a new identity, and should be able to log in +and out of of password-protected stored encrypted identities, which would +contain the entire state of the browser. This is the direction the Tor Project +intends to head in with the Tor Browser Bundle\cite{not-to-toggle}. + +To this user, the Private Browsing Mode would be no more than a special case +of this identity UI - a special identity that they can trust not to store +browsing history information to disk. Such a UI also more explicitly captures +what is going on with respect to the user's relationship to the web. + +However, all current private browsing modes fall short of protecting against a +network adversary and fail to deal with linkability against a network +adversary\cite{private-browsing}, claiming that it is outside their threat +model\footnotemark. If the user is given a new identity that is still linkable +to the previous one due to shortcomings of the browser, this approach has +failed as a privacy measure. + +\footnotetext{The primary reason given to abstain from addressing the network +adversary is IP address linkability. However, we believe this to be a red +herring. Users are quite capable of using alternate Internet connections, and +it is common practice for ISPs in many parts of the world to rotate user IP +addresses daily, to discourage servers and to impede the spread of malware. +This is especially true of cellular IP networks.} + +Linkability solutions within the identity framework would be similar to the +origin-based solutions, except they would be properties of the entire browser +or browser profile, and would be obfuscated only once per identity switch. + +% FIXME: Elaborate? + +\section{Conclusions} + +There is a demand for private browsing, and we believe that solid private +browsing modes can be created. In order to do this, we need solid analysis of +the threat models involved, and we need standardization for many aspects of +defense. + +However, there is currently a huge disconnect between user privacy and +identity due to both the multi-origin nature of the web, and the failure of +browsers to adequately convey a sense of identity to the user. It is possible +to bridge this disconnect both by addressing the issues with the multi-origin +model, as well as providing the user with an explicit representation of their +web identity, and with control over this identity. + +% XXX: The dangers of adblockers and filters + the long-term imperative of +% improving privacy for the continued use of the advertising revenue model. + +\bibliographystyle{plain} \bibliography{W3CIdentity} + +\clearpage +\appendix + +\end{document} Added: projects/articles/browser-privacy/llncs.cls =================================================================== --- projects/articles/browser-privacy/llncs.cls (rev 0) +++ projects/articles/browser-privacy/llncs.cls 2011-04-26 01:06:35 UTC (rev 24668) @@ -0,0 +1,1016 @@ +% LLNCS DOCUMENT CLASS -- version 2.8 +% for LaTeX2e +% +\NeedsTeXFormat{LaTeX2e}[1995/12/01] +\ProvidesClass{llncs}[2000/05/16 v2.8 +^^JLaTeX document class for Lecture Notes in Computer Science] +% Options +\let\if@envcntreset\iffalse +\DeclareOption{envcountreset}{\let\if@envcntreset\iftrue} +\DeclareOption{citeauthoryear}{\let\citeauthoryear=Y} +\DeclareOption{oribibl}{\let\oribibl=Y} +\let\if@custvec\iftrue +\DeclareOption{orivec}{\let\if@custvec\iffalse} +\let\if@envcntsame\iffalse +\DeclareOption{envcountsame}{\let\if@envcntsame\iftrue} +\let\if@envcntsect\iffalse +\DeclareOption{envcountsect}{\let\if@envcntsect\iftrue} +\let\if@runhead\iffalse +\DeclareOption{runningheads}{\let\if@runhead\iftrue} + +\let\if@openbib\iffalse +\DeclareOption{openbib}{\let\if@openbib\iftrue} + +\DeclareOption*{\PassOptionsToClass{\CurrentOption}{article}} + +\ProcessOptions + +\LoadClass[twoside]{article} +\RequirePackage{multicol} % needed for the list of participants, index + +\setlength{\textwidth}{12.2cm} +\setlength{\textheight}{19.3cm} + +% Ragged bottom for the actual page +\def\thisbottomragged{\def\@textbottom{\vskip\z@ plus.0001fil +\global\let\@textbottom\relax}} + +\renewcommand\small{% + \@setfontsize\small\@ixpt{11}% + \abovedisplayskip 8.5\p@ \@plus3\p@ \@minus4\p@ + \abovedisplayshortskip \z@ \@plus2\p@ + \belowdisplayshortskip 4\p@ \@plus2\p@ \@minus2\p@ + \def\@listi{\leftmargin\leftmargini + \parsep 0\p@ \@plus1\p@ \@minus\p@ + \topsep 8\p@ \@plus2\p@ \@minus4\p@ + \itemsep0\p@}% + \belowdisplayskip \abovedisplayskip +} + +\frenchspacing +\widowpenalty=10000 +\clubpenalty=10000 + +\setlength\oddsidemargin {63\p@} +\setlength\evensidemargin {63\p@} +\setlength\marginparwidth {90\p@} + +\setlength\headsep {16\p@} + +\setlength\footnotesep{7.7\p@} +\setlength\textfloatsep{8mm\@plus 2\p@ \@minus 4\p@} +\setlength\intextsep {8mm\@plus 2\p@ \@minus 2\p@} + +\setcounter{secnumdepth}{2} + +\newcounter {chapter} +\renewcommand\thechapter {\@arabic\c@chapter} + +\newif\if@mainmatter \@mainmattertrue +\newcommand\frontmatter{\cleardoublepage + \@mainmatterfalse\pagenumbering{Roman}} +\newcommand\mainmatter{\cleardoublepage + \@mainmattertrue\pagenumbering{arabic}} +\newcommand\backmatter{\if@openright\cleardoublepage\else\clearpage\fi + \@mainmatterfalse} + +\renewcommand\part{\cleardoublepage + \thispagestyle{empty}% + \if@twocolumn + \onecolumn + \@tempswatrue + \else + \@tempswafalse + \fi + \null\vfil + \secdef\@part\@spart} + +\def\@part[#1]#2{% + \ifnum \c@secnumdepth >-2\relax + \refstepcounter{part}% + \addcontentsline{toc}{part}{\thepart\hspace{1em}#1}% + \else + \addcontentsline{toc}{part}{#1}% + \fi + \markboth{}{}% + {\centering + \interlinepenalty \@M + \normalfont + \ifnum \c@secnumdepth >-2\relax + \huge\bfseries \partname~\thepart + \par + \vskip 20\p@ + \fi + \Huge \bfseries #2\par}% + \@endpart} +\def\@spart#1{% + {\centering + \interlinepenalty \@M + \normalfont + \Huge \bfseries #1\par}% + \@endpart} +\def\@endpart{\vfil\newpage + \if@twoside + \null + \thispagestyle{empty}% + \newpage + \fi + \if@tempswa + \twocolumn + \fi} + +\newcommand\chapter{\clearpage + \thispagestyle{empty}% + \global\@topnum\z@ + \@afterindentfalse + \secdef\@chapter\@schapter} +\def\@chapter[#1]#2{\ifnum \c@secnumdepth >\m@ne + \if@mainmatter + \refstepcounter{chapter}% + \typeout{\(a)chapapp\space\thechapter.}% + \addcontentsline{toc}{chapter}% + {\protect\numberline{\thechapter}#1}% + \else + \addcontentsline{toc}{chapter}{#1}% + \fi + \else + \addcontentsline{toc}{chapter}{#1}% + \fi + \chaptermark{#1}% + \addtocontents{lof}{\protect\addvspace{10\p@}}% + \addtocontents{lot}{\protect\addvspace{10\p@}}% + \if@twocolumn + \@topnewpage[\@makechapterhead{#2}]% + \else + \@makechapterhead{#2}% + \@afterheading + \fi} +\def\@makechapterhead#1{% +% \vspace*{50\p@}% + {\centering + \ifnum \c@secnumdepth >\m@ne + \if@mainmatter + \large\bfseries \@chapapp{} \thechapter + \par\nobreak + \vskip 20\p@ + \fi + \fi + \interlinepenalty\@M + \Large \bfseries #1\par\nobreak + \vskip 40\p@ + }} +\def\@schapter#1{\if@twocolumn + \@topnewpage[\@makeschapterhead{#1}]% + \else + \@makeschapterhead{#1}% + \@afterheading + \fi} +\def\@makeschapterhead#1{% +% \vspace*{50\p@}% + {\centering + \normalfont + \interlinepenalty\@M + \Large \bfseries #1\par\nobreak + \vskip 40\p@ + }} + +\renewcommand\section{\@startsection{section}{1}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {12\p@ \@plus 4\p@ \@minus 4\p@}% + {\normalfont\large\bfseries\boldmath + \rightskip=\z@ \@plus 8em\pretolerance=10000 }} +\renewcommand\subsection{\@startsection{subsection}{2}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {8\p@ \@plus 4\p@ \@minus 4\p@}% + {\normalfont\normalsize\bfseries\boldmath + \rightskip=\z@ \@plus 8em\pretolerance=10000 }} +\renewcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}% + {-18\p@ \@plus -4\p@ \@minus -4\p@}% + {-0.5em \@plus -0.22em \@minus -0.1em}% + {\normalfont\normalsize\bfseries\boldmath}} +\renewcommand\paragraph{\@startsection{paragraph}{4}{\z@}% + {-12\p@ \@plus -4\p@ \@minus -4\p@}% + {-0.5em \@plus -0.22em \@minus -0.1em}% + {\normalfont\normalsize\itshape}} +\renewcommand\subparagraph[1]{\typeout{LLNCS warning: You should not use + \string\subparagraph\space with this class}\vskip0.5cm +You should not use \verb|\subparagraph| with this class.\vskip0.5cm} + +\DeclareMathSymbol{\Gamma}{\mathalpha}{letters}{"00} +\DeclareMathSymbol{\Delta}{\mathalpha}{letters}{"01} +\DeclareMathSymbol{\Theta}{\mathalpha}{letters}{"02} +\DeclareMathSymbol{\Lambda}{\mathalpha}{letters}{"03} +\DeclareMathSymbol{\Xi}{\mathalpha}{letters}{"04} +\DeclareMathSymbol{\Pi}{\mathalpha}{letters}{"05} +\DeclareMathSymbol{\Sigma}{\mathalpha}{letters}{"06} +\DeclareMathSymbol{\Upsilon}{\mathalpha}{letters}{"07} +\DeclareMathSymbol{\Phi}{\mathalpha}{letters}{"08} +\DeclareMathSymbol{\Psi}{\mathalpha}{letters}{"09} +\DeclareMathSymbol{\Omega}{\mathalpha}{letters}{"0A} + +\let\footnotesize\small + +\if@custvec +\def\vec#1{\mathchoice{\mbox{\boldmath$\displaystyle#1$}} +{\mbox{\boldmath$\textstyle#1$}} +{\mbox{\boldmath$\scriptstyle#1$}} +{\mbox{\boldmath$\scriptscriptstyle#1$}}} +\fi + +\def\squareforqed{\hbox{\rlap{$\sqcap$}$\sqcup$}} +\def\qed{\ifmmode\squareforqed\else{\unskip\nobreak\hfil +\penalty50\hskip1em\null\nobreak\hfil\squareforqed +\parfillskip=0pt\finalhyphendemerits=0\endgraf}\fi} + +\def\getsto{\mathrel{\mathchoice {\vcenter{\offinterlineskip +\halign{\hfil +$\displaystyle##$\hfil\cr\gets\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr\gets +\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr\gets +\cr\to\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +\gets\cr\to\cr}}}}} +\def\lid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil +$\displaystyle##$\hfil\cr<\cr\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr<\cr +\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr<\cr +\noalign{\vskip1pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +<\cr +\noalign{\vskip0.9pt}=\cr}}}}} +\def\gid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil +$\displaystyle##$\hfil\cr>\cr\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr>\cr +\noalign{\vskip1.2pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr>\cr +\noalign{\vskip1pt}=\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +>\cr +\noalign{\vskip0.9pt}=\cr}}}}} +\def\grole{\mathrel{\mathchoice {\vcenter{\offinterlineskip +\halign{\hfil +$\displaystyle##$\hfil\cr>\cr\noalign{\vskip-1pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr +>\cr\noalign{\vskip-1pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr +>\cr\noalign{\vskip-0.8pt}<\cr}}} +{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr +>\cr\noalign{\vskip-0.3pt}<\cr}}}}} +\def\bbbr{{\rm I\!R}} %reelle Zahlen +\def\bbbm{{\rm I\!M}} +\def\bbbn{{\rm I\!N}} %natuerliche Zahlen +\def\bbbf{{\rm I\!F}} +\def\bbbh{{\rm I\!H}} +\def\bbbk{{\rm I\!K}} +\def\bbbp{{\rm I\!P}} +\def\bbbone{{\mathchoice {\rm 1\mskip-4mu l} {\rm 1\mskip-4mu l} +{\rm 1\mskip-4.5mu l} {\rm 1\mskip-5mu l}}} +\def\bbbc{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm C$}\hbox{\hbox +to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}}}} +\def\bbbq{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm +Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm Q$}\hbox{\raise +0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}}}} +\def\bbbt{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm +T$}\hbox{\hbox to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm T$}\hbox{\hbox +to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}}}} +\def\bbbs{{\mathchoice +{\setbox0=\hbox{$\displaystyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox +to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}} +{\setbox0=\hbox{$\textstyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox +to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptstyle \rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox +to0pt{\kern0.5\wd0\vrule height0.45\ht0\hss}\box0}} +{\setbox0=\hbox{$\scriptscriptstyle\rm S$}\hbox{\raise0.5\ht0\hbox +to0pt{\kern0.4\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox +to0pt{\kern0.55\wd0\vrule height0.45\ht0\hss}\box0}}}} +\def\bbbz{{\mathchoice {\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}} +{\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}} +{\hbox{$\mathsf\scriptstyle Z\kern-0.3em Z$}} +{\hbox{$\mathsf\scriptscriptstyle Z\kern-0.2em Z$}}}} + +\let\ts\, + +\setlength\leftmargini {17\p@} +\setlength\leftmargin {\leftmargini} +\setlength\leftmarginii {\leftmargini} +\setlength\leftmarginiii {\leftmargini} +\setlength\leftmarginiv {\leftmargini} +\setlength \labelsep {.5em} +\setlength \labelwidth{\leftmargini} +\addtolength\labelwidth{-\labelsep} + +\def\@listI{\leftmargin\leftmargini + \parsep 0\p@ \@plus1\p@ \@minus\p@ + \topsep 8\p@ \@plus2\p@ \@minus4\p@ + \itemsep0\p@} +\let\@listi\@listI +\@listi +\def\@listii {\leftmargin\leftmarginii + \labelwidth\leftmarginii + \advance\labelwidth-\labelsep + \topsep 0\p@ \@plus2\p@ \@minus\p@} +\def\@listiii{\leftmargin\leftmarginiii + \labelwidth\leftmarginiii + \advance\labelwidth-\labelsep + \topsep 0\p@ \@plus\p@\@minus\p@ + \parsep \z@ + \partopsep \p@ \@plus\z@ \@minus\p@} + +\renewcommand\labelitemi{\normalfont\bfseries --} +\renewcommand\labelitemii{$\m@th\bullet$} + +\setlength\arraycolsep{1.4\p@} +\setlength\tabcolsep{1.4\p@} + +\def\tableofcontents{\chapter*{\contentsname\@mkboth{{\contentsname}}% + {{\contentsname}}} + \def\authcount##1{\setcounter{auco}{##1}\setcounter{@auth}{1}} + \def\lastand{\ifnum\value{auco}=2\relax + \unskip{} \andname\ + \else + \unskip \lastandname\ + \fi}% + \def\and{\stepcounter{@auth}\relax + \ifnum\value{@auth}=\value{auco}% + \lastand + \else + \unskip, + \fi}% + \@starttoc{toc}\if@restonecol\twocolumn\fi} + +\def\l@part#1#2{\addpenalty{\@secpenalty}% + \addvspace{2em plus\p@}% % space above part line + \begingroup + \parindent \z@ + \rightskip \z@ plus 5em + \hrule\vskip5pt + \large % same size as for a contribution heading + \bfseries\boldmath % set line in boldface + \leavevmode % TeX command to enter horizontal mode. + #1\par + \vskip5pt + \hrule + \vskip1pt + \nobreak % Never break after part entry + \endgroup} + +\def\@dotsep{2} + +\def\hyperhrefextend{\ifx\hyper@anchor\@undefined\else +{chapter.\thechapter}\fi} + +\def\addnumcontentsmark#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{\protect\numberline + {\thechapter}#3}{\thepage}\hyperhrefextend}} +\def\addcontentsmark#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{#3}{\thepage}\hyperhrefextend}} +\def\addcontentsmarkwop#1#2#3{% +\addtocontents{#1}{\protect\contentsline{#2}{#3}{0}\hyperhrefextend}} + +\def\@adcmk[#1]{\ifcase #1 \or +\def\@gtempa{\addnumcontentsmark}% + \or \def\@gtempa{\addcontentsmark}% + \or \def\@gtempa{\addcontentsmarkwop}% + \fi\@gtempa{toc}{chapter}} +\def\addtocmark{\@ifnextchar[{\@adcmk}{\@adcmk[3]}} + +\def\l@chapter#1#2{\addpenalty{-\@highpenalty} + \vskip 1.0em plus 1pt \@tempdima 1.5em \begingroup + \parindent \z@ \rightskip \@pnumwidth + \parfillskip -\@pnumwidth + \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip + {\large\bfseries\boldmath#1}\ifx0#2\hfil\null + \else + \nobreak + \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern + \@dotsep mu$}\hfill + \nobreak\hbox to\@pnumwidth{\hss #2}% + \fi\par + \penalty\@highpenalty \endgroup} + +\def\l@title#1#2{\addpenalty{-\@highpenalty} + \addvspace{8pt plus 1pt} + \@tempdima \z@ + \begingroup + \parindent \z@ \rightskip \@tocrmarg + \parfillskip -\@tocrmarg + \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip + #1\nobreak + \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern + \@dotsep mu$}\hfill + \nobreak\hbox to\@pnumwidth{\hss #2}\par + \penalty\@highpenalty \endgroup} + +\setcounter{tocdepth}{0} +\newdimen\tocchpnum +\newdimen\tocsecnum +\newdimen\tocsectotal +\newdimen\tocsubsecnum +\newdimen\tocsubsectotal +\newdimen\tocsubsubsecnum +\newdimen\tocsubsubsectotal +\newdimen\tocparanum +\newdimen\tocparatotal +\newdimen\tocsubparanum +\tocchpnum=\z@ % no chapter numbers +\tocsecnum=15\p@ % section 88. plus 2.222pt +\tocsubsecnum=23\p@ % subsection 88.8 plus 2.222pt +\tocsubsubsecnum=27\p@ % subsubsection 88.8.8 plus 1.444pt +\tocparanum=35\p@ % paragraph 88.8.8.8 plus 1.666pt +\tocsubparanum=43\p@ % subparagraph 88.8.8.8.8 plus 1.888pt +\def\calctocindent{% +\tocsectotal=\tocchpnum +\advance\tocsectotal by\tocsecnum +\tocsubsectotal=\tocsectotal +\advance\tocsubsectotal by\tocsubsecnum +\tocsubsubsectotal=\tocsubsectotal +\advance\tocsubsubsectotal by\tocsubsubsecnum +\tocparatotal=\tocsubsubsectotal +\advance\tocparatotal by\tocparanum} +\calctocindent + +\def\l@section{\@dottedtocline{1}{\tocchpnum}{\tocsecnum}} +\def\l@subsection{\@dottedtocline{2}{\tocsectotal}{\tocsubsecnum}} +\def\l@subsubsection{\@dottedtocline{3}{\tocsubsectotal}{\tocsubsubsecnum}} +\def\l@paragraph{\@dottedtocline{4}{\tocsubsubsectotal}{\tocparanum}} +\def\l@subparagraph{\@dottedtocline{5}{\tocparatotal}{\tocsubparanum}} + +\def\listoffigures{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn + \fi\section*{\listfigurename\@mkboth{{\listfigurename}}{{\listfigurename}}} + \@starttoc{lof}\if@restonecol\twocolumn\fi} +\def\l@figure{\@dottedtocline{1}{0em}{1.5em}} + +\def\listoftables{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn + \fi\section*{\listtablename\@mkboth{{\listtablename}}{{\listtablename}}} + \@starttoc{lot}\if@restonecol\twocolumn\fi} +\let\l@table\l@figure + +\renewcommand\listoffigures{% + \section*{\listfigurename + \@mkboth{\listfigurename}{\listfigurename}}% + \@starttoc{lof}% + } + +\renewcommand\listoftables{% + \section*{\listtablename + \@mkboth{\listtablename}{\listtablename}}% + \@starttoc{lot}% + } + +\ifx\oribibl\undefined +\ifx\citeauthoryear\undefined +\renewenvironment{thebibliography}[1] + {\section*{\refname} + \def\(a)biblabel##1{##1.} + \small + \list{\@biblabel{\@arabic\c@enumiv}}% + {\settowidth\labelwidth{\@biblabel{#1}}% + \leftmargin\labelwidth + \advance\leftmargin\labelsep + \if@openbib + \advance\leftmargin\bibindent + \itemindent -\bibindent + \listparindent \itemindent + \parsep \z@ + \fi + \usecounter{enumiv}% + \let\p@enumiv\@empty + \renewcommand\theenumiv{\@arabic\c@enumiv}}% + \if@openbib + \renewcommand\newblock{\par}% + \else + \renewcommand\newblock{\hskip .11em \(a)plus.33em \(a)minus.07em}% + \fi + \sloppy\clubpenalty4000\widowpenalty4000% + \sfcode`\.=\@m} + {\def\@noitemerr + {\@latex@warning{Empty `thebibliography' environment}}% + \endlist} +\def\@lbibitem[#1]#2{\item[{[#1]}\hfill]\if@filesw + {\let\protect\noexpand\immediate + \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces} +\newcount\@tempcntc +\def\@citex[#1]#2{\if@filesw\immediate\write\@auxout{\string\citation{#2}}\fi + \@tempcnta\z@\@tempcntb\m@ne\def\@citea{}\@cite{\@for\@citeb:=#2\do + {\@ifundefined + {b@\@citeb}{\@citeo\@tempcntb\m@ne\@citea\def\@citea{,}{\bfseries + ?}\@warning + {Citation `\@citeb' on page \thepage \space undefined}}% + {\setbox\z@\hbox{\global\@tempcntc0\csname b@\@citeb\endcsname\relax}% + \ifnum\@tempcntc=\z@ \@citeo\@tempcntb\m@ne + \@citea\def\@citea{,}\hbox{\csname b@\@citeb\endcsname}% + \else + \advance\@tempcntb\@ne + \ifnum\@tempcntb=\@tempcntc + \else\advance\@tempcntb\m@ne\@citeo + \@tempcnta\@tempcntc\@tempcntb\@tempcntc\fi\fi}}\@citeo}{#1}} +\def\@citeo{\ifnum\@tempcnta>\@tempcntb\else + \@citea\def\@citea{,\,\hskip\z@skip}% + \ifnum\@tempcnta=\@tempcntb\the\@tempcnta\else + {\advance\@tempcnta\@ne\ifnum\@tempcnta=\@tempcntb \else + \def\@citea{--}\fi + \advance\@tempcnta\m@ne\the\@tempcnta\@citea\the\@tempcntb}\fi\fi} +\else +\renewenvironment{thebibliography}[1] + {\section*{\refname} + \small + \list{}% + {\settowidth\labelwidth{}% + \leftmargin\parindent + \itemindent=-\parindent + \labelsep=\z@ + \if@openbib + \advance\leftmargin\bibindent + \itemindent -\bibindent + \listparindent \itemindent + \parsep \z@ + \fi + \usecounter{enumiv}% + \let\p@enumiv\@empty + \renewcommand\theenumiv{}}% + \if@openbib + \renewcommand\newblock{\par}% + \else + \renewcommand\newblock{\hskip .11em \(a)plus.33em \(a)minus.07em}% + \fi + \sloppy\clubpenalty4000\widowpenalty4000% + \sfcode`\.=\@m} + {\def\@noitemerr + {\@latex@warning{Empty `thebibliography' environment}}% + \endlist} + \def\@cite#1{#1}% + \def\@lbibitem[#1]#2{\item[]\if@filesw + {\def\protect##1{\string ##1\space}\immediate + \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces} + \fi +\else +\@cons\@openbib@code{\noexpand\small} +\fi + +\def\idxquad{\hskip 10\p@}% space that divides entry from number + +\def\@idxitem{\par\hangindent 10\p@} + +\def\subitem{\par\setbox0=\hbox{--\enspace}% second order + \noindent\hangindent\wd0\box0}% index entry + +\def\subsubitem{\par\setbox0=\hbox{--\,--\enspace}% third + \noindent\hangindent\wd0\box0}% order index entry + +\def\indexspace{\par \vskip 10\p@ plus5\p@ minus3\p@\relax} + +\renewenvironment{theindex} + {\@mkboth{\indexname}{\indexname}% + \thispagestyle{empty}\parindent\z@ + \parskip\z@ \@plus .3\p@\relax + \let\item\par + \def\,{\relax\ifmmode\mskip\thinmuskip + \else\hskip0.2em\ignorespaces\fi}% + \normalfont\small + \begin{multicols}{2}[\@makeschapterhead{\indexname}]% + } + {\end{multicols}} + +\renewcommand\footnoterule{% + \kern-3\p@ + \hrule\@width 2truecm + \kern2.6\p@} + \newdimen\fnindent + \fnindent1em +\long\def\@makefntext#1{% + \parindent \fnindent% + \leftskip \fnindent% + \noindent + \llap{\hb@xt@1em{\hss\@makefnmark\ }}\ignorespaces#1} + +\long\def\@makecaption#1#2{% + \vskip\abovecaptionskip + \sbox\@tempboxa{{\bfseries #1.} #2}% + \ifdim \wd\@tempboxa >\hsize + {\bfseries #1.} #2\par + \else + \global \@minipagefalse + \hb@xt@\hsize{\hfil\box\@tempboxa\hfil}% + \fi + \vskip\belowcaptionskip} + +\def\fps@figure{htbp} +\def\fnum@figure{\figurename\thinspace\thefigure} +\def \@floatboxreset {% + \reset@font + \small + \@setnobreak + \@setminipage +} +\def\fps@table{htbp} +\def\fnum@table{\tablename~\thetable} +\renewenvironment{table} + {\setlength\abovecaptionskip{0\p@}% + \setlength\belowcaptionskip{10\p@}% + \@float{table}} + {\end@float} +\renewenvironment{table*} + {\setlength\abovecaptionskip{0\p@}% + \setlength\belowcaptionskip{10\p@}% + \@dblfloat{table}} + {\end@dblfloat} + +\long\def\@caption#1[#2]#3{\par\addcontentsline{\csname + ext@#1\endcsname}{#1}{\protect\numberline{\csname + the#1\endcsname}{\ignorespaces #2}}\begingroup + \@parboxrestore + \@makecaption{\csname fnum@#1\endcsname}{\ignorespaces #3}\par + \endgroup} + +% LaTeX does not provide a command to enter the authors institute +% addresses. The \institute command is defined here. + +\newcounter{@inst} +\newcounter{@auth} +\newcounter{auco} +\def\andname{and} +\def\lastandname{\unskip, and} +\newdimen\instindent +\newbox\authrun +\newtoks\authorrunning +\newtoks\tocauthor +\newbox\titrun +\newtoks\titlerunning +\newtoks\toctitle + +\def\clearheadinfo{\gdef\@author{No Author Given}% + \gdef\@title{No Title Given}% + \gdef\@subtitle{}% + \gdef\@institute{No Institute Given}% + \gdef\@thanks{}% + \global\titlerunning={}\global\authorrunning={}% + \global\toctitle={}\global\tocauthor={}} + +\def\institute#1{\gdef\@institute{#1}} + +\def\institutename{\par + \begingroup + \parskip=\z@ + \parindent=\z@ + \setcounter{@inst}{1}% + \def\and{\par\stepcounter{@inst}% + \noindent$^{\the@inst}$\enspace\ignorespaces}% + \setbox0=\vbox{\def\thanks##1{}\@institute}% + \ifnum\c@@inst=1\relax + \else + \setcounter{footnote}{\c@@inst}% + \setcounter{@inst}{1}% + \noindent$^{\the@inst}$\enspace + \fi + \ignorespaces + \@institute\par + \endgroup} + +\def\@fnsymbol#1{\ensuremath{\ifcase#1\or\star\or{\star\star}\or + {\star\star\star}\or \dagger\or \ddagger\or + \mathchar "278\or \mathchar "27B\or \|\or **\or \dagger\dagger + \or \ddagger\ddagger \else\@ctrerr\fi}} + +\def\inst#1{\unskip$^{#1}$} +\def\fnmsep{\unskip$^,$} +\def\email#1{{\tt#1}} +\AtBeginDocument{\@ifundefined{url}{\def\url#1{#1}}{}} +\def\homedir{\~{ }} + +\def\subtitle#1{\gdef\@subtitle{#1}} +\clearheadinfo + +\renewcommand\maketitle{\newpage + \refstepcounter{chapter}% + \stepcounter{section}% + \setcounter{section}{0}% + \setcounter{subsection}{0}% + \setcounter{figure}{0} + \setcounter{table}{0} + \setcounter{equation}{0} + \setcounter{footnote}{0}% + \begingroup + \parindent=\z@ + \renewcommand\thefootnote{\@fnsymbol\c@footnote}% + \if@twocolumn + \ifnum \col@number=\@ne + \@maketitle + \else + \twocolumn[\@maketitle]% + \fi + \else + \newpage + \global\@topnum\z@ % Prevents figures from going at top of page. + \@maketitle + \fi + \thispagestyle{empty}\@thanks +% + \def\\{\unskip\ \ignorespaces}\def\inst##1{\unskip{}}% + \def\thanks##1{\unskip{}}\def\fnmsep{\unskip}% + \instindent=\hsize + \advance\instindent by-\headlineindent + \if!\the\toctitle!\addcontentsline{toc}{title}{\@title}\else + \addcontentsline{toc}{title}{\the\toctitle}\fi + \if@runhead + \if!\the\titlerunning!\else + \edef\@title{\the\titlerunning}% + \fi + \global\setbox\titrun=\hbox{\small\rm\unboldmath\ignorespaces\@title}% + \ifdim\wd\titrun>\instindent + \typeout{Title too long for running head. Please supply}% + \typeout{a shorter form with \string\titlerunning\space prior to + \string\maketitle}% + \global\setbox\titrun=\hbox{\small\rm + Title Suppressed Due to Excessive Length}% + \fi + \xdef\@title{\copy\titrun}% + \fi +% + \if!\the\tocauthor!\relax + {\def\and{\noexpand\protect\noexpand\and}% + \protected@xdef\toc@uthor{\@author}}% + \else + \def\\{\noexpand\protect\noexpand\newline}% + \protected@xdef\scratch{\the\tocauthor}% + \protected@xdef\toc@uthor{\scratch}% + \fi + \addtocontents{toc}{{\protect\raggedright\protect\leftskip15\p@ + \protect\rightskip\@tocrmarg + \protect\itshape\toc@uthor\protect\endgraf}}% + \if@runhead + \if!\the\authorrunning! + \value{@inst}=\value{@auth}% + \setcounter{@auth}{1}% + \else + \edef\@author{\the\authorrunning}% + \fi + \global\setbox\authrun=\hbox{\small\unboldmath\@author\unskip}% + \ifdim\wd\authrun>\instindent + \typeout{Names of authors too long for running head. Please supply}% + \typeout{a shorter form with \string\authorrunning\space prior to + \string\maketitle}% + \global\setbox\authrun=\hbox{\small\rm + Authors Suppressed Due to Excessive Length}% + \fi + \xdef\@author{\copy\authrun}% + \markboth{\@author}{\@title}% + \fi + \endgroup + \setcounter{footnote}{0}% + \clearheadinfo} +% +\def\@maketitle{\newpage + \markboth{}{}% + \def\lastand{\ifnum\value{@inst}=2\relax + \unskip{} \andname\ + \else + \unskip \lastandname\ + \fi}% + \def\and{\stepcounter{@auth}\relax + \ifnum\value{@auth}=\value{@inst}% + \lastand + \else + \unskip, + \fi}% + \begin{center}% + {\Large \bfseries\boldmath + \pretolerance=10000 + \@title \par}\vskip .8cm +\if!\@subtitle!\else {\large \bfseries\boldmath + \vskip -.65cm + \pretolerance=10000 + \@subtitle \par}\vskip .8cm\fi + \setbox0=\vbox{\setcounter{@auth}{1}\def\and{\stepcounter{@auth}}% + \def\thanks##1{}\@author}% + \global\value{@inst}=\value{@auth}% + \global\value{auco}=\value{@auth}% + \setcounter{@auth}{1}% +{\lineskip .5em +\noindent\ignorespaces +\(a)author\vskip.35cm} + {\small\institutename} + \end{center}% + } + +% definition of the "\spnewtheorem" command. +% +% Usage: +% +% \spnewtheorem{env_nam}{caption}[within]{cap_font}{body_font} +% or \spnewtheorem{env_nam}[numbered_like]{caption}{cap_font}{body_font} +% or \spnewtheorem*{env_nam}{caption}{cap_font}{body_font} +% +% New is "cap_font" and "body_font". It stands for +% fontdefinition of the caption and the text itself. +% +% "\spnewtheorem*" gives a theorem without number. +% +% A defined spnewthoerem environment is used as described +% by Lamport. +% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\def\@thmcountersep{} +\def\(a)thmcounterend{.} + +\def\spnewtheorem{\@ifstar{\@sthm}{\@Sthm}} + +% definition of \spnewtheorem with number + +\def\@spnthm#1#2{% + \@ifnextchar[{\@spxnthm{#1}{#2}}{\@spynthm{#1}{#2}}} +\def\@Sthm#1{\@ifnextchar[{\@spothm{#1}}{\@spnthm{#1}}} + +\def\@spxnthm#1#2[#3]#4#5{\expandafter\@ifdefinable\csname #1\endcsname + {\@definecounter{#1}\@addtoreset{#1}{#3}% + \expandafter\xdef\csname the#1\endcsname{\expandafter\noexpand + \csname the#3\endcsname \noexpand\@thmcountersep \@thmcounter{#1}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#4}{#5}}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@spynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname + {\@definecounter{#1}% + \expandafter\xdef\csname the#1\endcsname{\@thmcounter{#1}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#3}{#4}}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@spothm#1[#2]#3#4#5{% + \@ifundefined{c@#2}{\@latexerr{No theorem environment `#2' defined}\@eha}% + {\expandafter\@ifdefinable\csname #1\endcsname + {\global\@namedef{the#1}{\@nameuse{the#2}}% + \expandafter\xdef\csname #1name\endcsname{#3}% + \global\@namedef{#1}{\@spthm{#2}{\csname #1name\endcsname}{#4}{#5}}% + \global\@namedef{end#1}{\@endtheorem}}}} + +\def\@spthm#1#2#3#4{\topsep 7\p@ \@plus2\p@ \@minus4\p@ +\refstepcounter{#1}% +\@ifnextchar[{\@spythm{#1}{#2}{#3}{#4}}{\@spxthm{#1}{#2}{#3}{#4}}} + +\def\@spxthm#1#2#3#4{\@spbegintheorem{#2}{\csname the#1\endcsname}{#3}{#4}% + \ignorespaces} + +\def\@spythm#1#2#3#4[#5]{\@spopargbegintheorem{#2}{\csname + the#1\endcsname}{#5}{#3}{#4}\ignorespaces} + +\def\@spbegintheorem#1#2#3#4{\trivlist + \item[\hskip\labelsep{#3#1\ #2\@thmcounterend}]#4} + +\def\@spopargbegintheorem#1#2#3#4#5{\trivlist + \item[\hskip\labelsep{#4#1\ #2}]{#4(#3)\@thmcounterend\ }#5} + +% definition of \spnewtheorem* without number + +\def\@sthm#1#2{\@Ynthm{#1}{#2}} + +\def\@Ynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname + {\global\@namedef{#1}{\@Thm{\csname #1name\endcsname}{#3}{#4}}% + \expandafter\xdef\csname #1name\endcsname{#2}% + \global\@namedef{end#1}{\@endtheorem}}} + +\def\@Thm#1#2#3{\topsep 7\p@ \@plus2\p@ \@minus4\p@ +\@ifnextchar[{\@Ythm{#1}{#2}{#3}}{\@Xthm{#1}{#2}{#3}}} + +\def\@Xthm#1#2#3{\@Begintheorem{#1}{#2}{#3}\ignorespaces} + +\def\@Ythm#1#2#3[#4]{\@Opargbegintheorem{#1} + {#4}{#2}{#3}\ignorespaces} + +\def\@Begintheorem#1#2#3{#3\trivlist + \item[\hskip\labelsep{#2#1\@thmcounterend}]} + +\def\@Opargbegintheorem#1#2#3#4{#4\trivlist + \item[\hskip\labelsep{#3#1}]{#3(#2)\@thmcounterend\ }} + +\if@envcntsect + \def\(a)thmcountersep{.} + \spnewtheorem{theorem}{Theorem}[section]{\bfseries}{\itshape} +\else + \spnewtheorem{theorem}{Theorem}{\bfseries}{\itshape} + \if@envcntreset + \@addtoreset{theorem}{section} + \else + \@addtoreset{theorem}{chapter} + \fi +\fi + +%definition of divers theorem environments +\spnewtheorem*{claim}{Claim}{\itshape}{\rmfamily} +\spnewtheorem*{proof}{Proof}{\itshape}{\rmfamily} +\if@envcntsame % alle Umgebungen wie Theorem. + \def\spn@wtheorem#1#2#3#4{\@spothm{#1}[theorem]{#2}{#3}{#4}} +\else % alle Umgebungen mit eigenem Zaehler + \if@envcntsect % mit section numeriert + \def\spn@wtheorem#1#2#3#4{\@spxnthm{#1}{#2}[section]{#3}{#4}} + \else % nicht mit section numeriert + \if@envcntreset + \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4} + \@addtoreset{#1}{section}} + \else + \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4} + \@addtoreset{#1}{chapter}}% + \fi + \fi +\fi +\spn@wtheorem{case}{Case}{\itshape}{\rmfamily} +\spn@wtheorem{conjecture}{Conjecture}{\itshape}{\rmfamily} +\spn@wtheorem{corollary}{Corollary}{\bfseries}{\itshape} +\spn@wtheorem{definition}{Definition}{\bfseries}{\itshape} +\spn@wtheorem{example}{Example}{\itshape}{\rmfamily} +\spn@wtheorem{exercise}{Exercise}{\itshape}{\rmfamily} +\spn@wtheorem{lemma}{Lemma}{\bfseries}{\itshape} +\spn@wtheorem{note}{Note}{\itshape}{\rmfamily} +\spn@wtheorem{problem}{Problem}{\itshape}{\rmfamily} +\spn@wtheorem{property}{Property}{\itshape}{\rmfamily} +\spn@wtheorem{proposition}{Proposition}{\bfseries}{\itshape} +\spn@wtheorem{question}{Question}{\itshape}{\rmfamily} +\spn@wtheorem{solution}{Solution}{\itshape}{\rmfamily} +\spn@wtheorem{remark}{Remark}{\itshape}{\rmfamily} + +\def\@takefromreset#1#2{% + \def\@tempa{#1}% + \let\@tempd\@elt + \def\@elt##1{% + \def\@tempb{##1}% + \ifx\@tempa\@tempb\else + \@addtoreset{##1}{#2}% + \fi}% + \expandafter\expandafter\let\expandafter\@tempc\csname cl@#2\endcsname + \expandafter\def\csname cl@#2\endcsname{}% + \@tempc + \let\@elt\@tempd} + +\def\theopargself{\def\@spopargbegintheorem##1##2##3##4##5{\trivlist + \item[\hskip\labelsep{##4##1\ ##2}]{##4##3\@thmcounterend\ }##5} + \def\@Opargbegintheorem##1##2##3##4{##4\trivlist + \item[\hskip\labelsep{##3##1}]{##3##2\@thmcounterend\ }} + } + +\renewenvironment{abstract}{% + \list{}{\advance\topsep by0.35cm\relax\small + \leftmargin=1cm + \labelwidth=\z@ + \listparindent=\z@ + \itemindent\listparindent + \rightmargin\leftmargin}\item[\hskip\labelsep + \bfseries\abstractname]} + {\endlist} +\renewcommand{\abstractname}{Abstract} +\renewcommand{\contentsname}{Table of Contents} +\renewcommand{\figurename}{Fig.} +\renewcommand{\tablename}{Table} + +\newdimen\headlineindent % dimension for space between +\headlineindent=1.166cm % number and text of headings. + +\def\ps@headings{\let\@mkboth\@gobbletwo + \let\@oddfoot\@empty\let\@evenfoot\@empty + \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}% + \leftmark\hfil} + \def\@oddhead{\normalfont\small\hfil\rightmark\hspace{\headlineindent}% + \llap{\thepage}} + \def\chaptermark##1{}% + \def\sectionmark##1{}% + \def\subsectionmark##1{}} + +\def\ps@titlepage{\let\@mkboth\@gobbletwo + \let\@oddfoot\@empty\let\@evenfoot\@empty + \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}% + \hfil} + \def\@oddhead{\normalfont\small\hfil\hspace{\headlineindent}% + \llap{\thepage}} + \def\chaptermark##1{}% + \def\sectionmark##1{}% + \def\subsectionmark##1{}} + +\if@runhead\ps@headings\else +\ps@empty\fi + +\setlength\arraycolsep{1.4\p@} +\setlength\tabcolsep{1.4\p@} + +\endinput + Added: projects/articles/browser-privacy/usenix.sty =================================================================== --- projects/articles/browser-privacy/usenix.sty (rev 0) +++ projects/articles/browser-privacy/usenix.sty 2011-04-26 01:06:35 UTC (rev 24668) @@ -0,0 +1,97 @@ +% usenix-2e.sty - to be used with latex2e (the new one) for USENIX. +% To use this style file, do this: +% +% \documentclass[twocolumn]{article} +% \usepackage{usenix-2e} +% and put {\rm ....} around the author names. +% +% The following definitions are modifications of standard article.sty +% definitions, arranged to do a better job of matching the USENIX +% guidelines. +% It will automatically select two-column mode and the Times-Roman +% font. + +% +% USENIX papers are two-column. +% Times-Roman font is nice if you can get it (requires NFSS, +% which is in latex2e. + +%\if@twocolumn\else\input twocolumn.sty\fi +\usepackage{times} + +% +% USENIX wants margins of: 7/8" side, 1" bottom, and 3/4" top. +% 0.25" gutter between columns. +% Gives active areas of 6.75" x 9.25" +% +\setlength{\textheight}{9.0in} +\setlength{\columnsep}{0.25in} +\setlength{\textwidth}{6.75in} +%\setlength{\textwidth}{7.00in} +%\setlength{\footheight}{0.0in} +\setlength{\topmargin}{-0.25in} +\setlength{\headheight}{0.0in} +\setlength{\headsep}{0.0in} +\setlength{\evensidemargin}{-0.125in} +\setlength{\oddsidemargin}{-0.125in} + +% +% Usenix wants no page numbers for submitted papers, so that they can +% number them themselves. +% +\pagestyle{empty} + +% +% Usenix titles are in 14-point bold type, with no date, and with no +% change in the empty page headers. The whol author section is 12 point +% italic--- you must use {\rm } around the actual author names to get +% them in roman. +% +\def\maketitle{\par + \begingroup + \renewcommand\thefootnote{\fnsymbol{footnote}}% + \def\@makefnmark{\hbox to\z@{$\m@th^{\@thefnmark}$\hss}}% + \long\def\@makefntext##1{\parindent 1em\noindent + \hbox to1.8em{\hss$\m@th^{\@thefnmark}$}##1}% + \if@twocolumn + \twocolumn[\@maketitle]% + \else \newpage + \global\@topnum\z@ + \@maketitle \fi\@thanks + \endgroup + \setcounter{footnote}{0}% + \let\maketitle\relax + \let\@maketitle\relax + \gdef\@thanks{}\gdef\@author{}\gdef\@title{}\let\thanks\relax} + +\def\@maketitle{\newpage + %\vbox to 0.5in{ + \vbox to 1.5in{ + %\vspace*{\fill} + %\vskip 2em + \begin{center}% + {\Large\bf \@title \par}% + \vskip 0.250in minus 0.250in + {\large\it + \lineskip .5em + \begin{tabular}[t]{c}\@author + \end{tabular}\par}% + \end{center}% + \par + \vspace*{\fill} +% \vskip 1.5em + } +} + +% +% The abstract is preceded by a 12-pt bold centered heading +\def\abstract{\begin{center}% +{\large\bf \abstractname\vspace{-.5em}\vspace{\z@}}% +\end{center}} +\def\endabstract{} + +% +% Main section titles are 12-pt bold. Others can be same or smaller. +% +\def\section{\@startsection {section}{1}{\z(a)}{-3.5ex plus-1ex minus + -.2ex}{2.3ex plus.2ex}{\reset@font\large\bf}}

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.2'
by nickm＠torproject.org 25 Apr '11

25 Apr '11

commit 5230cc4fe7f80396304681ce2e9a1d0421920c40 Merge: fdbdaf8 f3b58df Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Apr 25 19:04:13 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.2' changes/bug2971 | 6 ++++++ src/or/config.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletions(-)

1 0

[tor/master] Make the Log configuration option expand ~
by nickm＠torproject.org 25 Apr '11

25 Apr '11

commit 91aa6f08bcf0acbdfa038aaffe73e327ddd87c67 Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Fri Apr 22 16:06:52 2011 +0200 Make the Log configuration option expand ~ --- changes/bug2971 | 6 ++++++ src/or/config.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletions(-) diff --git a/changes/bug2971 b/changes/bug2971 new file mode 100644 index 0000000..8b71ce0 --- /dev/null +++ b/changes/bug2971 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Be more consistent in our treatment of file system paths. ~ should + get expanded to the user's home directory in the Log config option. + Bugfix on 0.2.0.1-alpha, which introduced the feature for the -f and + --DataDirectory options. + diff --git a/src/or/config.c b/src/or/config.c index 5000f5d..3770301 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -4382,11 +4382,13 @@ options_init_logs(or_options_t *options, int validate_only) if (smartlist_len(elts) == 2 && !strcasecmp(smartlist_get(elts,0), "file")) { if (!validate_only) { - if (add_file_log(severity, smartlist_get(elts, 1)) < 0) { + char *fname = expand_filename(smartlist_get(elts, 1)); + if (add_file_log(severity, fname) < 0) { log_warn(LD_CONFIG, "Couldn't open file for 'Log %s': %s", opt->value, strerror(errno)); ok = 0; } + tor_free(fname); } goto cleanup; }

1 0

[tor/master] Merge commit '91aa6f08bcf0acbdfa038aaffe73e327ddd87c67' into maint-0.2.2
by nickm＠torproject.org 25 Apr '11

25 Apr '11

commit f3b58dfa53d87656f558a97bc28a333bdea06017 Merge: a0514ba 91aa6f0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Apr 25 19:03:15 2011 -0400 Merge commit '91aa6f08bcf0acbdfa038aaffe73e327ddd87c67' into maint-0.2.2 changes/bug2971 | 6 ++++++ src/or/config.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletions(-)

1 0

[tor/maint-0.2.2] Make the Log configuration option expand ~
by nickm＠torproject.org 25 Apr '11

25 Apr '11

commit 91aa6f08bcf0acbdfa038aaffe73e327ddd87c67 Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Fri Apr 22 16:06:52 2011 +0200 Make the Log configuration option expand ~ --- changes/bug2971 | 6 ++++++ src/or/config.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletions(-) diff --git a/changes/bug2971 b/changes/bug2971 new file mode 100644 index 0000000..8b71ce0 --- /dev/null +++ b/changes/bug2971 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Be more consistent in our treatment of file system paths. ~ should + get expanded to the user's home directory in the Log config option. + Bugfix on 0.2.0.1-alpha, which introduced the feature for the -f and + --DataDirectory options. + diff --git a/src/or/config.c b/src/or/config.c index 5000f5d..3770301 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -4382,11 +4382,13 @@ options_init_logs(or_options_t *options, int validate_only) if (smartlist_len(elts) == 2 && !strcasecmp(smartlist_get(elts,0), "file")) { if (!validate_only) { - if (add_file_log(severity, smartlist_get(elts, 1)) < 0) { + char *fname = expand_filename(smartlist_get(elts, 1)); + if (add_file_log(severity, fname) < 0) { log_warn(LD_CONFIG, "Couldn't open file for 'Log %s': %s", opt->value, strerror(errno)); ok = 0; } + tor_free(fname); } goto cleanup; }

1 0

[tor/maint-0.2.2] Merge commit '91aa6f08bcf0acbdfa038aaffe73e327ddd87c67' into maint-0.2.2
by nickm＠torproject.org 25 Apr '11

25 Apr '11

commit f3b58dfa53d87656f558a97bc28a333bdea06017 Merge: a0514ba 91aa6f0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Apr 25 19:03:15 2011 -0400 Merge commit '91aa6f08bcf0acbdfa038aaffe73e327ddd87c67' into maint-0.2.2 changes/bug2971 | 6 ++++++ src/or/config.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletions(-)

1 0

[tor/release-0.2.2] Fix a bug in removing DNSPort requests from their circular list
by arma＠torproject.org 25 Apr '11

25 Apr '11

commit e98583594d897ac32745061143e565c6f4b45f97 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Apr 21 13:39:00 2011 -0400 Fix a bug in removing DNSPort requests from their circular list Under heavy load, this could result in an assertion failure. Fix for bug 2933; bugfix on 0.2.0.10-alpha. --- changes/bug2933 | 4 ++++ src/or/eventdns.c | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) diff --git a/changes/bug2933 b/changes/bug2933 new file mode 100644 index 0000000..7aaf526 --- /dev/null +++ b/changes/bug2933 @@ -0,0 +1,4 @@ + o Minor bugfixes + - Fix an uncommon assertion failure when running with DNSPort under + heavy load. Fixes bug 2933; bugfix on 2.0.1-alpha. + diff --git a/src/or/eventdns.c b/src/or/eventdns.c index a889e80..2777f90 100644 --- a/src/or/eventdns.c +++ b/src/or/eventdns.c @@ -1949,7 +1949,7 @@ server_request_free(struct server_request *req) if (req->port) { if (req->port->pending_replies == req) { - if (req->next_pending) + if (req->next_pending && req->next_pending != req) req->port->pending_replies = req->next_pending; else req->port->pending_replies = NULL;

1 0