- tor-dev - lists.torproject.org

[GSoC16] Expand Nyx - Status Report 2
by Sambuddha Basu 18 Jun '16

18 Jun '16

Hi everyone, This is the second status report for the 'Expand Nyx' project for GSoC 2016. I have been working on the following things: * Updated --log commandline argument and startup.events. Previously, arcane strings were entered for --log commandline argument and startup.events. This has now been replaced by event names separated by commas. * Added the event description for event selection dialog box. Colors have been added and tests have been updated for the selection dialog box too. During the next week, I will be working on getting back the interpreter panel from the last release(1.4.5). Hope everyone has a fun weekend! Sambuddha

1 0

[GSOC 16] Ahmia status update #2
by Ismael R 17 Jun '16

17 Jun '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi everyone, I'm working on ahmia.fi, the hidden service search engine and you're reading status update #2. Since last time, here is what I've been working on: Improve project structure, code quality and documentation The three repositories I talked in status update #1 are ready [1][2][3], each one with an installation guide. I used static analysis to improve code format, remove duplicate code, and fix some bugs. Project automation - - For each push, code is automatically tested and analyzed with travis-C I. - - Requires.io tracks vulnerable or outdated requirements. - - Landscape.io estimate code quality on each push. Regroup all data to elasticsearch To improve search quality, more data attributes will be used, some of which are not yet in our index. We need to crawl more attributes and move search logic from Django to elasticsearch. During the next two weeks, I will focus on the django part. See you in two weeks! :) Ismael [1] https://github.com/ahmia/ahmia-site [2] https://github.com/ahmia/ahmia-crawler [3] https://github.com/ahmia/ahmia-index -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXZFpRAAoJEKhDKCOT41OSOxQP/0SpRWA5N6gQqolGWq534/It L1pMQpDlB56cd8a4h7XYdoxaYeC8lkfwT9K9LNGfLqraN1V+pK5Jay3rDiZ5R85W fFCcOlhrOkTP/302RBRFmQmHzR6/LeW7y2Hmn9IQhy4DcLUj5W/9+EKiwDjMOU/A ilmdU0D222m41lQlrBFMCt1ATJkBBgxsQMy40Cu/XSmVjAQE7vDk1t3NT1txG37T /1LlDmjK5kH8zGCxNwSvoPzvrQyCltT65xvO3WJx0HS+p1cQf6wBkHBYPob3Or+2 YdXnv/scQ+CKEkuJQvBOigPyK7e2fKu2O+RIYHEaycQtePfRzNSwW5TITysVL9Az +DHoBc+mK28Q7A1vNSc1jlcc4nckHH++WCiLx3o52HuuiVGnsEtzkEMKT88NVB74 UWmpW03PjqPT8C0Ntru78FiiBmnoHLvSm5i3rV9Ge2lNufBXTsG0hd5yFeVkmfdN BAtrrW1DMtiAvb8SARsYnYrcOwCnpKUeg9B5idpE9ZloWEj83PHk0o+5sL1zF3Oh i4l2Hc7RdHtHmsfV/yeexhFsVG6nBbIi0UHtDgyFwLLGq3+NQTkH5j0YWB3rIQiV MEIBIGq/9ltQ3+/T1ha+K0Jn6I4KO06c6gezvTHqLO8lAvsGRpDsOf3tED2IiIC8 hI4pcbGoep0CG+Xeps/d =Xri8 -----END PGP SIGNATURE-----

1 0

[GSoC] Tails Server - status report 3
by segfault 17 Jun '16

17 Jun '16

Hi everyone, this is the third status report on the Tails Server GSoC project. I had to omit the previous report because personal difficulties were getting in the way. So here is what I achieved in the last four weeks: * Revamp the GUI * Replace the status panel with a config panel * Add a loading window * Implement the persistence feature * Refactor the code * Many more changes in the code, you can look at my commit messages if you want more details * Keep discussing the design of the GUI on the Tails-UX mailing list The prototype is actually working now. The persistence feature works without dirty hacks now, because anonym kindly implemented a new feature in Tails' persistence (regular files can be bind-mounted now). Because Tails Server now relies on this feature, it will only work properly in this patched Tails version. I will integrate Tails Server in this branch and send a link to a nightly ISO image on tor-dev and tails-dev in the next few days, so you can test it. Next up is some more polishing of the GUI and writing a short documentation to be able to do some initial user tests. And then there are still a lot of features to implement, like autostarting the services, onion address regeneration, client authentication (not necessarily in scope of the GSoC, but I want it anyway), and many more. And I will have to refactor the code some more. Cheers!

1 0

Re: [tor-dev] [GSoC 2016] Orfox - Report 2
by Nathan Freitas 17 Jun '16

17 Jun '16

On Thu, Jun 16, 2016, at 10:37 PM, Tom Ritter wrote: > On 16 June 2016 at 18:45, Amogh Pradeep <amoghbl1(a)gmail.com> wrote: > Is a code audit the most efficient and reliable way to look for proxy > leaks? (At least at this stage?) I think he means a few things by this, or at least we have a few tasks underway: - mentor (me) reviewing code quality and implementation choices for how proxy features were added - inspection of esr45 Android Java code for new network code and other potentially leaky / deanon features - review of tor browser, noscript and other mobile relevant extensions for portability to android > I would do dynamic analysis by setting up a bridge and a proxy, > exercising lots of different functionality of the app (HTTP, HTTPS, > FTP, update checking, safebrowsing disabling/enabling, extension > installation, extension update checking, extension calls to third > party APIs, etc), and looking for any traffic not going to the single > bridge configured. We use NoRoot firewall on Android for doing this in a quick manner. It is like LittleSnitch. Thanks for the feedback Tom!

1 0

[GSoC 2016] Orfox - Report 2
by Amogh Pradeep 17 Jun '16

17 Jun '16

Hey guys, This is my second status report for GSoC 2016. I’ve finally managed to rebase things to ESR 45.2.0 :D [0]. But unfortunately, I think that what it is build on is unstable, so we don’t have an ask ready yet. I will continue to work on this, and hopefully have a successful build soon. Next up is a code audit. Once we have a stable application built on ESR 45, I can move on to the code audit phase. In this phase, I would go through the android code, looking for all the network code, and making sure that it is proxied fine. Hope you guys have a fun weekend. Best, Amogh Pradeep amoghbl1(a)gmail.com [0] https://github.com/amoghbl1/tor-browser/tree/orfox-tor-browser-45.2.0esr-6.…

2 1

GSoC: Tails Server
by segfault 14 Jun '16

14 Jun '16

Hi everyone, I'm a Tails contributor since a few months and I'm excited that I will work on the Tails Server [1] project during this year's Google Summer of Code. This project aims at providing a user-friendly interface to start onion services in Tails. My mentors are anonym (of Tails) and asn. I will start with this project four weeks early, which means I start next Monday (April 25th) and finish at the end of July. Most of the discussion on this project will happen on the appropiate Tails communication channels, i.e. the mailing lists tails-dev(a)boum.org and tails-ux(a)boum.org and the tails-dev channels on irc.oftc.net and conference.riseup.net. Regarding Tor specific questions, I will write to this list or ask in the tor channels on irc.oftc.net. I'm segfault1 on OFTC. I will send bi-weekly status reports to this list and tails-dev(a)boum.org. Cheers! segfault [1] https://tails.boum.org/blueprint/tails_server/

4 4

Error while building
by AKASH DAS 13 Jun '16

13 Jun '16

I am getting the following errors while building tor-messenger. Building project docker-image - 2c313aacbaf4 Error: Error starting remote: exec format error time="2016-06-13T02:01:24+05:30" level=fatal msg="Error response from daemon: Cannot start container ddb958b4c46730bd1173e8ee10ebbccbfe769bfff9a5042d4c7a5ac533353924: [8] System error: exec format error" any help would be greatly appreciated

2 1

Comments on Yawning's Draft proposal for Debian
by bancfc＠openmailbox.org 12 Jun '16

12 Jun '16

I thought the proposal [1] is well written but there is one major point it should include: Sometimes apt/dpkg can contain remotely exploitable bugs which s a big risk when updates are fetched over HTTP. As it happens, anyone could have been in a position to poison the update process and take over the machine because of [CVE-2014-6273] in apt-get [2]. What makes this bug crippling is that updating apt to fix it would have exposed it to what the fix was supposed to prevent. The safest option this time was to manually download the fixed package out of band. Updating from an Onion Service would protect systems from any tampering/attacks at the Exits while bringing all the usual benefits of package metadata privacy. *** While there's been some progress to setup Debian APT Onion Services [3][4], its still a long way away from being enabled as a safe default. This problem along many others summarized in the Debian wiki [5] (such as upstream patching of chatty apps that leak system information like pip [6]) would make great talking points at the next DebConf. [1] https://yawnbox.com/index.php/2016/05/03/draft-proposal-for-debian/ [2] http://security-tracker.debian.org/tracker/CVE-2014-6273 [3] http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/ [4] http://richardhartmann.de/blog/posts/2015/08/25-Tor-enabled_Debian_mirror_p… [5] https://wiki.debian.org/TorifyDebianServices [6] https://lists.debian.org/debian-security/2016/05/msg00059.html

1 0

remotor - control console that can also notify into a chatroom
by carlo von lynX 12 Jun '16

12 Jun '16

Hi there. Here's a fine new little console-based perl script that lets you control your Tor, monitor circuits as they happen, issue commands like changing your identity etc, and forward critical events to a chatroom using the PSYC protocol. I found vidalia too heavy and arm too confusing and didn't see a simple tool that would leverage the Tor control protocol without excessive nuisances, just a bit of noise reduction and text coloring. Also I like notifications to show in my chat client. The notification feature works with a psyced running on the same host. I just committed a "remotor" chatroom which is preset to receive messages from the tool, all you need to do is install psyced and use your IRC client to join #remotor. You can git remotor and the rest of the perlpsyc library from torify git clone git://cheettyiapsyciew.onion/perlpsyc or git clone git://git.psyced.org/git/perlpsyc If you're a lucky owner of a Gentoo system, you can emerge both Net-PSYC and psyced from http://youbroketheinternet.org 's overlay. remotor should work pretty much out of the box. For a quick little glimpse into the perl script, click http://perl.psyc.eu/navigate/bin/remotor If anyone is interested, I can easily add the ability to control the Tor node from the chatroom. http://perl.psyc.eu tells you of the other tools included such as git2psyc for commit notifications in your developer chatroom, syslog2psyc, psycfilemonitor, psycmail, psycmp3... you get the idea. There's also a tarball for download, no wait, it's a zip. -- E-mail is public! Talk to me in private using encryption: http://loupsycedyglgamf.onion/LynX/ irc://loupsycedyglgamf.onion:67/lynX https://psyced.org:34443/LynX/

1 0

Bridge Directory Consensus
by Nicholas R. Parker (RIT Student) 07 Jun '16

07 Jun '16

I've got a quick question for you all. I have a functioning bridge directory authority and a bridge that's presumably pushing its descriptor to the authority (presents no error messages at all). My question is this: How do I confirm an update to the "bridge master list" on the authority? It doesn't appear on the general ip/tor/status-vote/consensus page, but that would make sense. Is there a bridge list generated to hold the descriptors? Nicholas R. Parker Rochester Institute of Technology

2 1