[or-cvs] r13148: Corrected minor errors in (or simply improved) URL:s, netmas (in incognito/trunk: . arch root_overlay/etc/socks root_overlay/etc/tor root_overlay/usr/sbin root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User root_overlay/var/lib/kdesession)

anonym at seul.org anonym at seul.org
Wed Jan 16 15:16:09 UTC 2008


Author: anonym
Date: 2008-01-16 10:16:08 -0500 (Wed, 16 Jan 2008)
New Revision: 13148

Modified:
   incognito/trunk/TODO
   incognito/trunk/arch/readme.html
   incognito/trunk/root_overlay/etc/socks/socks.conf
   incognito/trunk/root_overlay/etc/socks/tsocks.conf
   incognito/trunk/root_overlay/etc/tor/torrc
   incognito/trunk/root_overlay/usr/sbin/create-homevol
   incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js
   incognito/trunk/root_overlay/var/lib/kdesession/bookmarks.xml
   incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc
   incognito/trunk/root_overlay/var/lib/kdesession/konquerorrc
Log:
Corrected minor errors in (or simply improved) URL:s, netmasks etc. here and there.
Firefox doesn't use proxy for local address spaces.
Added TODO item about mixmaster.


Modified: incognito/trunk/TODO
===================================================================
--- incognito/trunk/TODO	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/TODO	2008-01-16 15:16:08 UTC (rev 13148)
@@ -12,16 +12,13 @@
 - Script to generate CDs from SVN checkout
 It would be nice to have a script in SVN that builds everything with one command. One important point is to determine if we have a Gentoo machine or not. If not download a stage3 tarball and create a chroot environment. Catalyst needs to be installed. The rest is documented in building.html.
 
-- Test script that copies to USB
-It is difficult to get a hold of a lot of USB hardware to test this script. If you'd like to test it, run "sudo /usr/sbin/create-usb" from an xterm as the script outputs what it is doing. This will help if a problem occurs.
-
 - Wipe memory and reboot when USB drive is removed
 If running from the USB drive and it is removed, wipe memory and reboot. If you're in a persecuted country and they are on to you, you can grab the USB and leave.
 
 - Mixminion on tiny
 Install mixminion on the tiny version and use Xdialog to provide UI. Needs a link in the fluxbox menu as well. The main problem here is that mixminion is a python program, and python takes too much space. There is a freeze.py in the python distribution that creates an executable that does not depends on python. Two problems with this, the result for mixminion is over 3MB and it isn't straightforward to create the executable, there are import errors when running it.
 
-- Allow higher resolutions than 1024x768
+- Allow other resolutions than 1024x768
 Add a menu option to the boot menu to select a higher resolution, OR attempt to do monitor detection when configuring. The latest x.org server has much better auto-detection, perhaps allowing it to do more work would be better. Note that a kernel option "xres=1024x768" is available (plug in your own dimensions) and working. A boot menu option requires a custom syslinux menu which does not look too difficult.a
 
 - A less hack-ish macchanger option to boot menu
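Review bot: The retitled entry "Allow other resolutions than 1024x768" no longer matches its body, which still says "select a higher resolution". Update the body wording in the same change, and drop the stray "a" after "difficult." at the end of that paragraph while the entry is being touched.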
@@ -38,15 +35,15 @@
 	AutomapHostsSuffixes .exit,.onion
 
 - Retroshare instant messenger
-Looks promising. Might be added when out of beta. See: http://retroshare.sourceforge.net
+Might be added when out of beta. See: http://retroshare.sourceforge.net
 
 - Consider using hardend profile ?
 
 - Consider using grsec ?
 
-- Add torbutton, disabling tor enable/disable in toolbar and status bar
-torbutton is more user friendly and less annoying than NoScript+CookieCuller so if it provides a reasonable amount of protection for tor (which it should since that's its design goal) it should replace the other two extensions when it becomes more stable.
-Also, if we setup a new http(s) proxy that is excluded from the netfiler tor forwarding, torbutton could be used to have firefox access the network directly, which can be necessary when ISP require logins (see below).
+- Add Torbutton, disabling Tor enable/disable in toolbar and status bar
+Torbutton is more user friendly and less annoying than NoScript+CookieCuller so if it provides a reasonable amount of protection for Tor (which it should since that's its design goal) it should replace the other two extensions when it becomes more stable.
+Also, if we setup a new http(s) proxy that is excluded from the netfiler Tor forwarding, Torbutton could be used to have firefox access the network directly, which can be necessary when ISP require logins (see below).
 
 - Update Incognito branded images
 livecd-stage2.sh has some branding support so you can change the name. There are a few images that still have Incognito. ImageMagick scripting looks like a possible way to do this.
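Review bot: The rewritten Torbutton entry still carries the typo "netfiler" (netfilter) and "setup" used as a verb, and "firefox" stays lowercase while Tor and Torbutton are now capitalised. These lines are already being rewritten for capitalisation, so fix those in the same pass.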
@@ -56,15 +53,12 @@
 
 - Handle ISP login requirement
 Public networks may require a login before allowing access to the outside. Generally this is done by a transparent proxy that redirects to the login screen whenever an http request is made. A solution to this may be to add the class C network to the iptables exclusion list so the redirect won't run through Tor. The user will need to access something on the local net first though since the redirect won't happen when running through Tor. Other suggestions are welcome.
-(see entry for torbutton for a possible solution)
+(see entry for Torbutton for a possible solution)
 
 - Allow Tor to be bypassed
 Sometimes a direct connection to the Internet is desired. We need a way to bypass the iptables filter. Possibly another proxy process that does not go through Tor. There should be a clear indicator that we are not anonymous.
-(see entry for torbutton for a possible solution)
+(see entry for Torbutton for a possible solution)
 
-- Move to kernel 2.6.22
-Note that as of 2007-08-24 some of the wireless NIC drivers will not compile with 2.6.22.
-
 - Fix virtual USB boot for read/write mode
 The CD or USB may be run in a virtual PC for computers that won't boot from removable media. USB must be run read-only due to bugs in QEMU (writable vvfat). When QEMU fixes this, we should use it.
 See http://www.h7.dion.ne.jp/~qemu-win/HowToFloppyCdrom-en.html
@@ -79,5 +73,5 @@
 Make it possible to to permanently decline creating a persistent home partition during boot from USB (otherwise this will constantly be halting the boot process).
 This easily implemented by a "lock" file, i.e. NO_PERSISTANT on the USB root, created by external-config-setup when the users choses to never have a persistent home. external-config-setup will check for the existence of that file before prompting the user. Also, there should be a readily available script which resets this available on the KDE desktop and in the fluxbox menu.
 
-- TrueCrypt problem
-The outer layer password is not accepted for some reason.
+- Mixmaster
+Install mixmaster and mixmaster-smtp and integrate into mail clients. Remove mixminion-smtp.
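Review bot: The "TrueCrypt problem" entry is deleted in the same lines that add Mixmaster, but the log message mentions only the Mixmaster addition. If the outer layer password issue is resolved, say so in the log; if not, keep the entry. The same applies to the "Test script that copies to USB" and "Move to kernel 2.6.22" entries removed earlier in this file.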

Modified: incognito/trunk/arch/readme.html
===================================================================
--- incognito/trunk/arch/readme.html	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/arch/readme.html	2008-01-16 15:16:08 UTC (rev 13148)
@@ -10,7 +10,7 @@
 </p>
 
 <p>
-The latest version can be found at <a href="http://www.patdouble.com/incognito.html">http://www.patdouble.com/incognito.html</a>.
+The latest version can be found at <a href="http://incognito.anonymityanywhere.com/">http://incognito.anonymityanywhere.com/</a>.
 </p>
 
 </body>

Modified: incognito/trunk/root_overlay/etc/socks/socks.conf
===================================================================
--- incognito/trunk/root_overlay/etc/socks/socks.conf	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/etc/socks/socks.conf	2008-01-16 15:16:08 UTC (rev 13148)
@@ -1,133 +1,3 @@
-# The configfile is divided into two parts; first misc. settings,
-# then the routes.  Objects in '[]' are optional.
-#
-#
-# recommended order is:
-#	[debug]
-#	[logoutput]
-#	[resolveprotocol]
-#
-#	routes:
-#		from to via
-#		[command]
-#		[extension]
-#		[protocol]
-#		[proxyprotocol]
-
-
-#debug: 1           # uncomment to enable debugging
-
-#logoutput: stdout  # users usually don't want to be bothered with that.
-
-# What protocol should be used for resolving hostnames?  It's important
-# to set this right.
-#resolveprotocol: udp  # default
-#resolveprotocol: tcp  # set this if your socksserver only supports socksv4.
-#resolveprotocol: fake # set this if your clients can't access nameserver,
-		       # neither directly nor proxied.
-
-
-
-#
-# the routes
-#
-
-# specifying routes for accepting remote connections (via bind()) is
-# difficult since we can't know what the "to:" address is
-# until we actually get the connection  Since we support letting
-# the client accept connections both via the proxyserver and
-# "directly" at the same time, we have two options though:
-# a) specify a route for bind (only) first going via the proxyserver.
-#    This will also handle "direct" connections.
-# b) specify a route for bind (only) first going "direct".
-#    This means clients will only be able to accept "direct"
-#    connections.
-
-# we want to accept remote connections via the proxyserver.
-#route {
-#	from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1080
-#	command: bind
-#}
-
-# we do not want to accept remote connections via the proxyserver.
-#route {
-#	from: 0.0.0.0/0 to: 0.0.0.0/0 via: direct
-#	command: bind
-#}
-
-
-# if you don't route all local connections via direct, you should
-# at least route nameserver connections via direct connections if you
-# can.  That can make for much better performance, depending on
-# your setup.  Make sure the nameserver line is the first.
-#
-# Assuming your nameserver runs on address 10.1.1.1, you can do it like this:
-#route {
-#	from: 0.0.0.0/0 to: 10.1.1.1/32 port = domain via: direct
-#}
-
-
-# have a route making all connections to loopback addresses be direct.
-#route {
-#	from: 0.0.0.0/0   to: 127.0.0.0/8  via: direct
-#	command: connect udpassociate # everything but bind, bind confuses us.
-#}
-
-# Our net is the 10.0.0.0/8 net, let clients going to local address go
-# direct, not via server.
-#route {
-#	from: 0.0.0.0/0   to: 10.0.0.0/8   via: direct
-#}
-
-# for poor souls trapped behind a msproxy server.
-#route {
-#	from: 0.0.0.0/0   to: 0.0.0.0/0   via: 10.1.1.1 port = 1745
-#	protocol: tcp			 # server supports tcp
-#	proxyprotocol: msproxy_v2        # server runs msproxy_v2
-#}
-
-# clients going anywhere else go via server listening at
-# IP address 10.1.1.1, port 1080.   Note that unless you have
-# specified a direct connection for DNS, or the socksserver is resolvable
-# without network traffic, you can't give a hostname for the socksserver,
-# you must give a IP address.  (the reasons for that are logical enough,
-# you would create a loop otherwise.)
-#route {
-#	from: 0.0.0.0/0   to: 0.0.0.0/0   via: 10.1.1.1 port = 1080
-#	protocol: tcp udp                # server supports tcp and udp.
-#	proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5.
-#	method: none #username		 # we are willing to authenticate via
-#					 # method "none", not "username".
-#}
-#
-# this is identical to the above, but it matches hostnames instead.
-# This is if you have clients that are unable to resolve hostnames.
-# It can be important that hostname routes come after address routes.
-#route {
-#	from: 0.0.0.0/0   to: .   via: 10.1.1.1 port = 1080
-#	protocol: tcp udp                # server supports tcp and udp.
-#	proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5.
-#	method: none #username		 # we are willing to authenticate via
-#					 # method "none", not "username".
-#}
-
-# identical to above two routes, but using a httpproxy instead.
-#
-
-#route {
-#	from: 0.0.0.0/0   to: 0.0.0.0/0   via: 10.1.1.1 port = 3128
-#	command: connect		 # only thing a httproxy supports.
-#	proxyprotocol: http_v1.0
-#}
-
-#route {
-#	from: 0.0.0.0/0   to: .   via: 10.1.1.1 port = 3128
-#	command: connect		 # only thing a httproxy supports.
-#	proxyprotocol: http_v1.0
-#}
-
-
-
 # 'fake' sends host name to SOCKS server
 resolveprotocol: fake
 
@@ -137,19 +7,18 @@
 }
 # Private network
 route {
-	from: 0.0.0.0/0   to: 172.16.0.0/16   via: direct
+	from: 0.0.0.0/0   to: 172.16.0.0/12   via: direct
 }
 # Private network
 route {
 	from: 0.0.0.0/0   to: 192.168.0.0/16   via: direct
 }
-# Loopback
+# Loopback (except .onion virtual address space of 127.192.0.0+) 
 route {
-	from: 0.0.0.0/0   to: 127.0.0.0/255.128.0.0   via: direct
+	from: 0.0.0.0/0   to: 127.0.0.0/9   via: direct
 }
-# Onion network
 route {
-	from: 0.0.0.0/0   to: 127.128.0.0/255.192.0.0   via: direct
+	from: 0.0.0.0/0   to: 127.128.0.0/10   via: direct
 }
 
 route {
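Review bot: With "# Onion network" removed, the 127.128.0.0/10 route has no comment of its own, and it is the pair 127.0.0.0/9 plus 127.128.0.0/10 that leaves 127.192.0.0/10 out of the direct set. Say in the comment that both routes together cover 127.0.0.0 through 127.191.255.255, so nobody later merges them into 127.0.0.0/8. The new "# Loopback (except ...)" line also ends in a trailing space. Separately, the change from 172.16.0.0/16 to /12 widens the set of destinations that go direct instead of via the SOCKS server; the log should state that this is intended.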

Modified: incognito/trunk/root_overlay/etc/socks/tsocks.conf
===================================================================
--- incognito/trunk/root_overlay/etc/socks/tsocks.conf	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/etc/socks/tsocks.conf	2008-01-16 15:16:08 UTC (rev 13148)
@@ -14,6 +14,6 @@
 
 # My local networks
 local = 10.0.0.0/255.0.0.0
-local = 172.16.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
 local = 192.168.0.0/255.255.0.0
 

Modified: incognito/trunk/root_overlay/etc/tor/torrc
===================================================================
--- incognito/trunk/root_overlay/etc/tor/torrc	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/etc/tor/torrc	2008-01-16 15:16:08 UTC (rev 13148)
@@ -3,15 +3,15 @@
 
 PIDFile /var/lib/tor/tor.pid
 
-ContactInfo Incognito LiveCD <incognito at patdouble.com>
+Log notice syslog
 
+DataDirectory   /var/lib/tor/data
+
+ContactInfo Incognito LiveCD
+
 SocksPort 9050
 SocksListenAddress 127.0.0.1
 
-Log notice syslog
-
-DataDirectory   /var/lib/tor/data
-
 ControlPort 9051
 ControlListenAddress 127.0.0.1
 
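Review bot: "ContactInfo Incognito LiveCD" now carries no address, so the field no longer lets anyone reach the operator, and this file also sets ORPort and DirPort. Either put a current project address here or remove the line. Moving "Log notice syslog" and "DataDirectory" in the same hunk makes the one functional change harder to spot; a separate reordering commit would review more cleanly.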
@@ -21,6 +21,8 @@
 ORPort 9001
 DirPort 9030
 
+VirtualAddrNetwork 127.192.0.0/10
+
 ExitPolicy reject *:* # middleman only -- no exits allowed
 
 AvoidDiskWrites 1
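Review bot: "VirtualAddrNetwork 127.192.0.0/10" is added without a comment, yet it has to agree with the direct routes in socks.conf (127.0.0.0/9 and 127.128.0.0/10) and with the no_proxies_on list added to prefs.js in this same revision. Add a comment naming those files, so a later edit to one range does not quietly put virtual .onion addresses in the direct set or loopback traffic behind the proxy.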

Modified: incognito/trunk/root_overlay/usr/sbin/create-homevol
===================================================================
--- incognito/trunk/root_overlay/usr/sbin/create-homevol	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/usr/sbin/create-homevol	2008-01-16 15:16:08 UTC (rev 13148)
@@ -38,7 +38,7 @@
 
 # Check if minimum required amount of space is available
 if [[ ${MAX_SIZE} -lt ${MIN_SIZE} ]]; then
-	echo "Sorry, but you do not have enough space left on the media."
+	echo "Sorry, but you do not have enough space left on the media (Minimum needed: ${MIN_SIZE} MB, currently available: ${MAX_SIZE} MB)"
 	exit 1
 fi
 
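Review bot: The new message hard-codes "MB" for both ${MIN_SIZE} and ${MAX_SIZE}, and the lines shown do not establish the unit, so confirm both variables are in megabytes where they are computed. Since this is an error path ending in "exit 1", consider sending the message to stderr with >&2, and keep the closing period the old message had.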

Modified: incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js
===================================================================
--- incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js	2008-01-16 15:16:08 UTC (rev 13148)
@@ -13,7 +13,11 @@
 user_pref("app.update.autoInstallEnabled", false);
 user_pref("app.update.auto", false);
 user_pref("browser.cache.disk.capacity", 0);
-user_pref("browser.history_expire_days.mirror", 9);
+user_pref("browser.history_expire_days", 0);
+user_pref("browser.history_expire_days.mirror", 0);
+user_pref("privacy.item.cookies", true);
+user_pref("privacy.sanitize.promptOnSanitize", false);
+user_pref("privacy.sanitize.sanitizeOnShutdown", true);
 user_pref("browser.preferences.advanced.selectedTabIndex", 0);
 user_pref("browser.search.update", false);
 user_pref("browser.shell.checkDefaultBrowser", false);
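Review bot: "privacy.sanitize.sanitizeOnShutdown" is switched on but only "privacy.item.cookies" is set explicitly, so what else is cleared at shutdown depends on Firefox's defaults for the other privacy.item.* prefs. Set each item that should be cleared explicitly, so the behaviour is visible in this file and does not shift with a Firefox update. The three privacy.* lines also break the alphabetical order of the surrounding browser.* prefs.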
@@ -24,6 +28,34 @@
 user_pref("extensions.lastAppVersion", "2.0.0.11");
 user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.11");
 
+/* Firefox: disable extension updates. */
+user_pref("extensions.update.enabled", false);
+user_pref("extensions.update.notifyUser", false);
+user_pref("network.cookie.prefsMigrated", true);
+
+/* Firefox: network performance improvements. */
+user_pref("network.http.keep-alive.timeout", 600);
+user_pref("network.http.max-persistent-connections-per-proxy", 16);
+user_pref("network.http.pipelining", true);
+user_pref("network.http.pipelining.maxrequests", 8);
+user_pref("network.http.proxy.pipelining", true);
+
+/* Firefox: HTTP/SOCKS proxies. */
+user_pref("network.proxy.http", "127.0.0.1");
+user_pref("network.proxy.http_port", 3128);
+user_pref("network.proxy.socks", "127.0.0.1");
+user_pref("network.proxy.socks_port", 9050);
+user_pref("network.proxy.socks_remote_dns", true);
+user_pref("network.proxy.ssl", "127.0.0.1");
+user_pref("network.proxy.ssl_port", 3128);
+user_pref("network.proxy.type", 1);
+user_pref("network.proxy.no_proxies_on", "localhost, 10.0.0.0/8,  172.16.0.0/12, 192.168.0.0/16,  127.0.0.0/9, 127.128.0.0/10");
+
+/* Firefox: fonts */
+user_pref("font.name.monospace.x-western", "Bitstream Vera Sans Mono");
+user_pref("font.name.sans-serif.x-western", "Bitstream Vera Sans");
+user_pref("font.name.serif.x-western", "Bitstream Vera Serif");
+
 /* NoScript: prevent update page, notifications and auto-refresh */
 user_pref("noscript.temp", "");
 user_pref("noscript.version", "1.2.9");
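Review bot: In this moved block the only functional addition is "network.proxy.no_proxies_on", and its value has uneven spacing (two spaces before 172.16.0.0/12 and before 127.0.0.0/9). Normalise to one space after each comma, and add a comment that 127.192.0.0/10 is left out on purpose so it stays proxied, matching VirtualAddrNetwork in torrc. A comment that requests to the listed private ranges bypass the proxy at 127.0.0.1:3128 would also help, since the log message presents that as the intended behaviour.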
@@ -58,30 +90,3 @@
 user_pref("extensions.firegpg.gpg_path", "gpg");
 user_pref("extensions.firegpg.gpg_version", "0.4.7");
 user_pref("extensions.firegpg.no_updates", true);
-
-/* Firefox: disable extension updates. */
-user_pref("extensions.update.enabled", false);
-user_pref("extensions.update.notifyUser", false);
-user_pref("network.cookie.prefsMigrated", true);
-
-/* Firefox: network performance improvements. */
-user_pref("network.http.keep-alive.timeout", 600);
-user_pref("network.http.max-persistent-connections-per-proxy", 16);
-user_pref("network.http.pipelining", true);
-user_pref("network.http.pipelining.maxrequests", 8);
-user_pref("network.http.proxy.pipelining", true);
-
-/* Firefox: HTTP/SOCKS proxies. */
-user_pref("network.proxy.http", "127.0.0.1");
-user_pref("network.proxy.http_port", 3128);
-user_pref("network.proxy.socks", "127.0.0.1");
-user_pref("network.proxy.socks_port", 9050);
-user_pref("network.proxy.socks_remote_dns", true);
-user_pref("network.proxy.ssl", "127.0.0.1");
-user_pref("network.proxy.ssl_port", 3128);
-user_pref("network.proxy.type", 1);
-
-/* Fonts */
-user_pref("font.name.monospace.x-western", "Bitstream Vera Sans Mono");
-user_pref("font.name.sans-serif.x-western", "Bitstream Vera Sans");
-user_pref("font.name.serif.x-western", "Bitstream Vera Serif");

Modified: incognito/trunk/root_overlay/var/lib/kdesession/bookmarks.xml
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/bookmarks.xml	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/var/lib/kdesession/bookmarks.xml	2008-01-16 15:16:08 UTC (rev 13148)
@@ -7,13 +7,13 @@
    <metadata owner="http://www.kde.org" />
   </info>
  </bookmark>
- <bookmark icon="www" href="http://www.patdouble.com" >
-  <title>__INCOGNITO__</title>
+ <bookmark icon="favicons/incognito.anonymityanywhere.com" href="http://incognito.anonymityanywhere.com/" >
+  <title>__INCOGNITO__ Home</title>
   <info>
    <metadata owner="http://www.kde.org" />
   </info>
  </bookmark>
- <bookmark icon="www" href="http://wiki.noreply.org/noreply/TheOnionRouter" >
+ <bookmark icon="favicons/wiki.noreply.org" href="http://wiki.noreply.org/noreply/TheOnionRouter" >
   <title>TheOnionRouter - Noreply Wiki</title>
   <info>
    <metadata owner="http://www.kde.org" />
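Review bot: The icon attributes now point at "favicons/incognito.anonymityanywhere.com" and "favicons/wiki.noreply.org", but no favicon files appear in this revision's list of modified paths. Confirm those icons are already shipped in the overlay; otherwise keep icon="www" so the bookmarks do not show a missing icon.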

Modified: incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc	2008-01-16 15:16:08 UTC (rev 13148)
@@ -2,7 +2,7 @@
 PersistentProxyConnection=true
 
 [Proxy Settings]
-NoProxyFor=127.0.0.1,localhost,10.0.0.0,192.168.0.0,172.16.0.0
+NoProxyFor=127.0.0.1,localhost
 ProxyType=1
 httpProxy=http://127.0.0.1:3128
 httpsProxy=http://127.0.0.1:3128
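Review bot: Removing 10.0.0.0, 192.168.0.0 and 172.16.0.0 from NoProxyFor makes KDE send requests for private addresses to the proxy, while this same revision adds those ranges to Firefox's no_proxies_on so that Firefox goes direct. The log message explains only the Firefox side. Either give both browsers the same policy or record in the log why Konqueror differs; if the old entries were dropped because bare network addresses never matched anything, say that.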

Modified: incognito/trunk/root_overlay/var/lib/kdesession/konquerorrc
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/konquerorrc	2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/var/lib/kdesession/konquerorrc	2008-01-16 15:16:08 UTC (rev 13148)
@@ -10,6 +10,10 @@
 IconText=IconOnly
 Index=3
 
+[KonqMainWindow Toolbar]
+IconText=IconTextRight
+Index=2
+
 [KonqMainWindow Toolbar bookmarkToolBar]
 IconText=IconTextRight
 Index=2
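Review bot: The new [KonqMainWindow Toolbar] section uses Index=2, the same value as the existing [KonqMainWindow Toolbar bookmarkToolBar] section right below it, and the log message does not mention a toolbar change. Check that the duplicate index is intended and note the layout change in the log, or move it to its own commit.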


