- tor-dev - lists.torproject.org

Re: [tor-dev] [tor-assistants] Python metrics-lib
by Damian Johnson 17 May '12

17 May '12

Hi Beck, hi Karsten. First I'd like to make sure that I'm clear on what we're trying to do. The javadocs for VerifyDescriptors [1] says that it... > Verify server descriptors using the contained signing key. Verify that > 1) a contained fingerprint is actually a hash of the signing key and > 2) a router signature was created using the signing key. > > Verify consensuses using the separate certs. Verify that > 1) the fingerprint in a cert is actually a hash of the identity key, > 2) a cert was signed using the identity key, > 3) a consensus was signed using the signing key from the cert. Honestly I'm not yet sure what most of this means. The first #2 is simply checking that the descriptor content can be verified using the router-signature and signing-key, right? If so then this sounds like a good place to start since it's entirely self-contained within the descriptor and just involves implementation and testing of... https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/server_de… > However, I need some suggestions for the choice of Python cryptography API, since I haven't used any before. Nor have I. At present stem does not have any dependencies outside of python's builtin functions. If we need PyCrypto and it's the best choice then so be it, but be sure to wrap the imports in a try/catch so we only raise an ImportError when executing the function that requires the PyCrypto library. Cheers! -Damian [1] https://gitweb.torproject.org/metrics-tasks.git/blob/HEAD:/task-2768/Verify…

7 20

directory requests
by SiNA Rabbani 16 May '12

16 May '12

I see the same IP sending the same request over and over. Is this normal behaviour? All the best, SiNA XXX.XXX.XXX.XXX - - [16/May/2012:15:15:00 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:01 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:02 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:02 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:02 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:02 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:02 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:02 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:04 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:06 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:08 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:09 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:12 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:13 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:13 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:13 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:16 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:16 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:16 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" XXX.XXX.XXX.XXX - - [16/May/2012:15:15:19 -0400] "GET /tor/status/all.z HTTP/1.0" 200 540655 "-" "-" "-" -- First they ignore you, then they laugh at you, then they fight you, then you win ~ Mahatma Gandhi

1 0

Re: [tor-dev] HFOSS as Wesleyan this summer
by Damian Johnson 16 May '12

16 May '12

Hi Megan, hi Erik, glad to have you working with us this summer! First a bit of a project introduction is probably in order. Stem is a python controller library for tor. Like its predecessor, TorCtl [1], it uses tor's control protocol [2] to help developers program against the tor process, enabling them to build things similar to Vidalia [3] and arm [4]. Most of stem's core bits (process communication with tor, asynchronous message handling, etc) are done, and development is now focused on the wrapper around that which makes for a developer-friendly API. There's still a ton of work to do, and currently three people hacking on the project... * Damian (project author) * Ravi (GSoC student) - Working on a grab bag of stem related tasks including the general controller, some descriptor parsing, and migrating the first client (arm) over to stem. [5] * Beck (volunteer) - Doing a deep dive into the crypto behind descriptor validation. [6][7] Karsten, Ravi, and I just updated stem's development wiki yesterday so it should be reasonably up to date... https://trac.torproject.org/projects/tor/wiki/doc/stem Codebase: https://gitweb.torproject.org/stem.git So my first question is, what are your interests? It seems that most people either lean toward research or application, and we have a lot to do that fit both. To start with please take a look at the wiki's bugs and improvements sections. Those are bite sized tasks that should be reasonably small and start immersing you in the codebase. After that, both the metrics-lib tasks (more research focused) or porting the tor interpretor (more application) would be great projects. Here's a brief overview of the communication channels we use: - #tor and #tor-dev on OFTC: we're most active on irc, so I definitely suggest being in these channels [8] - tor-talk [9] is our user mailing list which is somewhat high volume. - tor-dev [10] is a lower volume development list and a good place for technical discussions. Unless something is private please include this in your email cc. Hope this helps, and again - welcome! -Damian PS. I highly suggest introducing yourself to this list. The more you're involved with the tor community the better, and we'd be thrilled if you stuck around after your project to become core tor developers! [1] https://www.torproject.org/getinvolved/volunteer.html.en#project-torctl [2] https://gitweb.torproject.org/torspec.git/blob/HEAD:/control-spec.txt [3] https://www.torproject.org/getinvolved/volunteer.html.en#project-vidalia [4] http://www.atagar.com/arm/ [5] https://www.torproject.org/about/gsocProposal/gsoc12-proposal-stemImproveme… [6] https://trac.torproject.org/5810 [7] https://lists.torproject.org/pipermail/tor-dev/2012-May/003510.html [8] https://www.torproject.org/about/contact.html.en#irc [9] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk/ [10] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev/

1 0

Faravahar Directory + reverse proxy
by SiNA Rabbani 16 May '12

16 May '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Last week I experimented with OpenSSL 1.0.1c and saw a huge increase in traffic. Unfortunately, my hardware was not up to the task and I started seeing timeouts and other errors. I have decided to replace the server with a much beefier one in the very near future. Meanwhile, I installed nginx as a reverse proxy on the Directory Port. nginx config: server { listen 154.35.32.5:80; server_name _; location / { proxy_pass http://154.35.32.5:81; } } Tor: DirPort 80 DirListenAddress 154.35.32.5:81 It was very easy and nice to configure Tor Directory behind a reverse proxy. The DirListenAddress came super handy!! Nice design. Currently the directory port is responding blazing fast: http://faravahar.rabbani.jp/tor/status/all.z Can someone poke at the directory port and let me know if they can find any issue with serving Tor in this fashion? If this works fine, I will try to configure the directory port on a fancy DDoS mitigation gear next. All the best, SiNA - -- First they ignore you, then they laugh at you, then they fight you, then you win ~ Mahatma Gandhi -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPs17iAAoJEJPBwXYLR9VtSvgP/3X77PZCF9yv2MGHuWwkyIDM 1Xye/A4Q5Vnm1ZekNpzsXHK0jNsl0FWKS0/zzx9zkokzeHbwN+CG7Y5jYJBdIbvP DL81Q5VDjsR8tS6MOcEHK+DqnHPpKSSNf2FYCeX9KAstumim+PTV7G84I+0sq4ZL 7B/o43XEuGA3518oLM0v1QcHW+gn58vmpgw0Xh74iv+9EKCCrEY3OJImhXp3tuoe xoM3R9mdcI87uafU/ZyToPO/sAO7f/A3yZXjvMY9XKCLEXMpSqDgrKx3Xt+AeJVs 2qtBfamiT76hpH9kv8429iP3LzJJfWUZvOl5dgziMg6GaD07KKHKFqyN9KYR/7RQ k/Gm0yQcECGxzyBRVxYIAIQFWOpK7c1/Sa9Mn4VNlzqAflYTbJrf47YDfX7vlFE0 giILtLvjcOK4fkv0OD1bTo+pFbY62WXAoZ3VwWu9jEBkgYAvdD55WWyg/zYJCKLi aSCy8f1VszPU9dciSN4JjgPU+zXvY/Zzkui2r4Y5IduVjI0h4FhTyVUETrqJj8Rt eyhfyWYONoGurSPH/LUwlfsI8T4ertZCKv9kLOl7AkOoDIrbj0XUf1mhZyjGz5H7 cN3y0q8iy87InH8udIndAUVRwYTysAHiHvZ5ycbB4OcNMK1JlC6RL3hJx64rNbob hpYatE88b/E9vlZENF8q =SepB -----END PGP SIGNATURE-----

1 0

Proposal: Make bridges report statistics on daily v3 network status requests
by Karsten Loesing 15 May '12

15 May '12

Hi Nick, here is the proposal as discussed in #5807 to improve our bridge usage statistics. Thanks, Karsten

2 2

Tor iOS repository is back online
by sid77＠slackware.it 14 May '12

14 May '12

Hi all, I'd like to announce that the Tor iOS repository is back online! TL;DR is just a two step solution: 1) If you still have the old repository installed, remove the "Sid77's Source" package, otherwise skip to step 2 2) Use Cydia to add a new repository and write or paste this url: http://sid77.slackware.it/ios/ Quick FAQ: + What happenened? Around the beginning of April, one of the machine of the slackware.it network suffered an awful disaster. Both of its disks failed, and sid77.slackware.it was hosted over there :( + There was a backup? Obviously not. Well, to be honest, I *DID* a backup the day before the disaster but I wasn't able to retrieve it in time. How lucky! :D + What does it mean? Source code was mirrored on several places and on github.com so it wasn't a big loss, however, the old GPG signing key with ID 0x6295C2FE is gone and lost. Eventually, it will expires in 2015 but I am pretty ashamed of not having a revoke certificate handy. + Why did it take you so long? Me and the rest of slackware.it admins were all busy with Real Life(tm), we tried to recover what we could from the disaster before rebuilding the missing pieces from scratch. + Ok, now what? How can I have the repository back? First, if you still have the old repository installed, remove the "Sid77's Source" package, otherwise go on. Open Cydia then go to Sources->Edit->Add and write or paste this url: http://sid77.slackware.it/ios/ then tap "Add Source". Once the repository is recognized tap, on "evelyn" (its name) and install or upgrade "Tor Toggle". Packages are signed with the new key with ID 0x09F4FCCE: Cydia will import it as son you add the new source to your repositories. + Do you know there's a "Mobile Tor" package on Big Boss repository? Yes I do. It's not mine nor I endorse it. It was uploaded by "W00t" and its package ID is org.torproject.mobiletor but I do not think its an official torproject.org package. I downloaded the deb and, as far I can tell, it should be an all-in-one version of every package I have released so far: it contains Tor, Polipo, libevent and the startup scripts. I think it misses the SBSettings toggle but I'm not that sure. I have already released an updated "Mobile Tor" version 0.3-4 in my repository which should be picked up by Cydia. In theory, the upgraded version was useless as the two packages have different IDs but I'd like to be better safe then sorry ;-) Well, it should be a good idea to remove BigBoss' "Mobile Tor" before upgrading to my packages as both of them will try to write the same files. That's all, in the following days I will update the rest of the site with package descriptions and everything else. Ciao, Marco

1 0

Thandy and what's next
by Tomas Touceda 13 May '12

13 May '12

Hello everyone, Thandy, for those who haven't heard about it by now, in few words is a package system for Tor packages and the like. One of the biggest problems we have right now is keeping users' Tor up to date, so we are trying to make time to get this going. (For more detailed information about Thandy check [1], specially the doc/ and specs/ directories) A couple of months ago, nickm and erinn worked in writing the package format spec (see [2] for more details), and now I'm going to start working as fast as I can (which may be slow) in implementing this last spec and get a working Thandy. On the more technical side, the idea is to implement this in Python as a first approach. In terms of distribution, Python isn't the best choice for platforms like Windows, but right now porting Thandy to another language isn't among the top priorities. This will probably be merged with the alpha track of releases we are making, so this can have as much testing as it can before going to stable. [1] https://gitweb.torproject.org/thandy.git/tree [2] https://gitweb.torproject.org/erinn/thandy.git/blob/934300a7c4c6c0493bedaf0… Cheers, -- Tomas Touceda Gentoo Developer - Qt, Scheme, Lisp

4 4

Orbot makefile / build update
by Nathan Freitas 09 May '12

09 May '12

Since the dawn of Orbot, way back in 2009, the onion routing robot app has been built using an unwieldy combination of tools, based on an extremely out of date method for cross-compiling C code for Android/ARM. In the 1.x era of Android, there was no Native Development Kit as their is now, but thanks to some craft individuals, scripts were developed to utilize the compilers found within the core Android OS build kit. However, this mean you had to build the entire Android OS to be able to build Orbot, and you were potentially relying upon highly unstable internal libraries. This week, I finally bit the bullet, and decided to rewrite the build process utilizing the more proper NDK tools, as well as utilize Git submodules as a means for managing retrieval and version control of dependencies. With the help of _hc, sebastian, rransom, vapourEyes, asn and others, I was able to work through the various issues of porting over to the more limited NDK environment, and come out with a properly formatted Makefile for building all native code that Orbot relies upon. This means that to fully build Orbot (including tor, privoxy, and obfsproxy binaries, and the jtorctrl java library) you simply need to ensure you have the Android SDK and NDK setup, and then: 1) git clone git://git.torproject.org/orbot.git 2) cd orbot 3) make -C external 4) android update project --name Orbot --target android-15 --path . 5) ant debug That's it! (in theory). At this point, I would love some clean eyes to look at this, try it out, ask questions and who knows, perhaps submit a patch or two. Human readme on new build process and prereqs: https://gitweb.torproject.org/orbot.git/blob/HEAD:/BUILD Makefile for Orbot and dependencies (openssl, libevent, privoxy, obfsproxy) https://gitweb.torproject.org/orbot.git/blob/HEAD:/external/Makefile Successfully executed build on our build server: https://build.safermobile.org/job/Gibberbot/49/console happy friday, n8fr8

2 2

Win32: tor-gencert.c
by Gisle Vanem 07 May '12

07 May '12

MSVC doesn't have <unistd.h>. Hence this little patch is needed: --- Git-latest\src\tools\tor-gencert.c Tue Jan 24 17:05:52 2012 +++ src\tools\tor-gencert.c Thu Apr 26 08:51:02 2012 @@ -9,7 +9,9 @@ #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> +#ifdef HAVE_UNISTD_H #include <unistd.h> +#endif #include <openssl/evp.h> #include <openssl/pem.h> --------------- --gv

2 1

TorBrowser and Firefox ESR
by Jérémy Bobbio 07 May '12

07 May '12

Hi! (I tried to ask the question to Mike Perry on IRC but I am not sure that it was the best place to do so, also given that my proxy had connectivity issue yesterday. If someone have already answered me there, I apologies for wasting a little bit of your time, but I did not receive the reply.) It looks like Firefox maintainers in Debian have decided to ship Extended Support Releases in the upcoming Wheezy release. This made me wonder if ESR changed any plans concerning TorBrowser. Will Tor Browser Bundle keep following upstream "personal use" releases or switch to ESR? Cheers, -- Jérémy Bobbio .''`. lunar(a)debian.org : :Ⓐ : # apt-get install anarchism `. `'` `-

2 2