[tor-talk] Python upgrade breaks 'random' in ARM..

2012-05-25 Thread Eric Seerden
Hi Damian et al.

I'm running Tor-0.2.3.15.alpha on FreeBSD 9.0, all fine..
However, I upgraded Python26 to version 2.6.8 (= up-to-date with port) & it
breaks ARM..

=> File "/usr/share/arm/starter.py" line 18 in 
import cli.controller
=> File "/usr/share/arm/cli/controller.py" line 11 in 
import cli.menu.menu
=> File "/usr/share/arm/cli/menu/menu.py" line 10 in 
import cli.menu.actions
=> File "/usr/share/arm/cli/menu/actions.py" line 8 in 
import cli.wizzard
=> File "/usr/share/arm/cli/wizzard.py" line 9 in 
import random
=> File "/usr/local/lib/python2.6/random.py" line 47 in 
from os import urandom as _urandom

=> ImportError: cannot import name urandom

Would you know a way around this because I'm not familiar with Python at
all..
Any suggestions would be much appreciated..

Regards,
E.

PS. Running ARM from the executable comes down to the same problem..
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Python upgrade breaks 'random' in ARM..

2012-05-25 Thread Damian Johnson
Hi Eric. Sorry to hear that you're having troubles after the upgrade.

> => File "/usr/share/arm/cli/menu/actions.py" line 8 in 
> import cli.wizzard
> => File "/usr/share/arm/cli/wizzard.py" line 9 in 
> import random

Did you copy this over by hand? There's a "wizard.py" module, but no
such thing as a "wizzard.py". If this is accurate then where did you
get it from?

> => File "/usr/share/arm/cli/wizzard.py" line 9 in 
> import random
> => File "/usr/local/lib/python2.6/random.py" line 47 in 
> from os import urandom as _urandom
>
> => ImportError: cannot import name urandom

This isn't an arm bug. It's an issue with the copy of python that you
installed - I'm simply importing the random module and that's having
an error internally when it tries to get urandom. -Damian


Re: [tor-talk] Python upgrade breaks 'random' in ARM..

2012-05-25 Thread Sebastian Hahn

On May 25, 2012, at 4:45 PM, Eric Seerden wrote:

> Hi Damian et al.
> 
> I'm running Tor-0.2.3.15.alpha on FreeBSD 9.0, all fine..
> However, I upgraded Python26 to version 2.6.8 (= up-to-date with port) & it
> breaks ARM..
> 
> => File "/usr/share/arm/starter.py" line 18 in 
> import cli.controller
> => File "/usr/share/arm/cli/controller.py" line 11 in 
> import cli.menu.menu
> => File "/usr/share/arm/cli/menu/menu.py" line 10 in 
> import cli.menu.actions
> => File "/usr/share/arm/cli/menu/actions.py" line 8 in 
> import cli.wizzard
> => File "/usr/share/arm/cli/wizzard.py" line 9 in 
> import random
> => File "/usr/local/lib/python2.6/random.py" line 47 in 
> from os import urandom as _urandom
> 
> => ImportError: cannot import name urandom
> 
> Would you know a way around this because I'm not familiar with Python at
> all..
> Any suggestions would be much appreciated..
> 
> Regards,
> E.
> 
> PS. Running ARM from the executable comes down to the same problem..

Is virtualenv involved in any way? This is mentioned as a potential
issue in the Python 2.6.8 release notes [0]. Maybe the freebsd
maintainers for arm (or for python things in general) like virtualenvs?


[0]: http://mail.python.org/pipermail/python-dev/2012-April/118676.html


[tor-talk] anonymity: bridge users vs. entry guard users

2012-05-25 Thread proper
If I understand correctly, a bridge will be used as the first of three hops.

While users in non-censored areas will use a certain amount of entry 
guards, users in censored areas get only three bridges per mail.

The entry guard users are more unlikely to suffer from unstable (goes offline) 
entry guards and blocking is also no issue. I read, that 80% of all bridges are 
blocked. Therefore I think it's safe to assume that 2 of 3 bridges, bridgedb 
gives out to users, are already blocked. And over time probably also that 
bridge will get blocked and the user has to request new bridges.

That means, that bridge users rotate their first hops more often than entry 
guard users. Is that true?

If that is true, that also means, that bridge users are sufficiently more 
vulnerable to attacks, which are circumvented by entry guards?



[tor-talk] Torbutton-birdy version 0.0.2

2012-05-25 Thread Jacob Appelbaum
Hi,

I'm pleased to say that Sukhbir, tanaq, and I are making progress on
Torbutton-birdy, the Torbutton like plugin for Thunderbird. Today marks
the second release with two important fixes:

  the auto-configuration wizard leaks, so we disabled it
  the timezone is now UTC and does not leak your actual timezone

You may download the xpi here:
https://github.com/downloads/ioerror/torbutton-birdy/torbutton-birdy.xpi

We had around 57 downloads for our first release, we'd love to see that
many users upgrade and send us feedback. We're really looking for
informational leaks but the most important kinds of leaks are proxy
bypass or other kinds of seriously harmful bugs.

Here is our long running open bug about reviewing torbutton-birdy:
https://trac.torproject.org/projects/tor/ticket/5797

All the best,
Jacob


Re: [tor-talk] Socks5 and msmtp

2012-05-25 Thread Leandro Noferini
grarpamp  writes:


[...]

I could not follow these notations now, please wait!

> msmtp's complement, fetchmail, speaks of SOCKS in its
> docs, mentions a couple socks libs. But I've not tested
> fetchmail with them yet, it should be.

fetchmail leaks inexorably (?) dns requests also when used through a socks
proxy - this is my experience.

I found fdm (http://fdm.sourceforge.net/) really better: it has native
socks support and in my probes it does not leak.

> I think there's also a capable 'm' complement for fetching by
> the same author as msmtp, but I don't remember its name.

I don't know.

> esmtp seemed inferior at the time.

I don't know either.

-- 
Ciao
leandro




Re: [tor-talk] Socks5 and msmtp

2012-05-25 Thread grarpamp
>> msmtp's complement, fetchmail, speaks of SOCKS in its
>> docs, mentions a couple socks libs. But I've not tested
>> fetchmail with them yet, it should be.
>
> fetchmail leaks inexorably (?) dns requests also when used through a socks
> proxy - this is my experience.

I don't see any leaks with torsocks and LD_PRELOAD. As I've not
tested fetchmail's native SOCKS method yet, I'll copy this note
to them as a possible fyi on that.
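
The DNS-leak question in this thread comes down to what the client puts in its SOCKS5 request: a hostname, which the proxy resolves, or an address the client already resolved itself. The following is an added example, not part of the original posts and not code from fetchmail, fdm, msmtp or torsocks; it parses a SOCKS5 request as laid out in RFC 1928 and flags the address-literal case. The function names and the sample request bytes are constructed for illustration.

```python
import ipaddress
import struct

# SOCKS5 address types (RFC 1928, section 4).
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Constructed sample requests (CONNECT to port 995), not captured traffic.
NAME = b"mail.example.org"
REQ_HOSTNAME = b"\x05\x01\x00\x03" + bytes([len(NAME)]) + NAME + struct.pack("!H", 995)
REQ_IPV4 = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 25]) + struct.pack("!H", 995)


def parse_socks5_request(data):
    """Parse VER CMD RSV ATYP DST.ADDR DST.PORT; return (atyp, host, port)."""
    if len(data) < 4:
        raise ValueError("truncated header")
    ver, _cmd, rsv, atyp = data[:4]
    if ver != 5 or rsv != 0:
        raise ValueError("not a SOCKS5 request")
    body = data[4:]
    if atyp in (ATYP_IPV4, ATYP_IPV6):
        addr_len = 4 if atyp == ATYP_IPV4 else 16
    elif atyp == ATYP_DOMAIN:
        if not body:
            raise ValueError("missing domain length")
        addr_len, body = body[0], body[1:]  # one length octet, then the name
    else:
        raise ValueError("unknown ATYP 0x%02x" % atyp)
    if len(body) != addr_len + 2:
        raise ValueError("address/port length mismatch")
    raw, (port,) = body[:addr_len], struct.unpack("!H", body[addr_len:])
    if atyp == ATYP_DOMAIN:
        return atyp, raw.decode("ascii"), port
    return atyp, str(ipaddress.ip_address(raw)), port


def dns_leak_suspected(data):
    """True if the client sent an address literal, so the proxy never saw a name."""
    _atyp, host, _port = parse_socks5_request(data)
    try:  # host is an IP for ATYP 1/4, or when a client put one in a domain field
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for req in (REQ_HOSTNAME, REQ_IPV4):
        print(parse_socks5_request(req), "leak suspected:", dns_leak_suspected(req))
```

A flagged request is only a suspicion, since the user may have typed an IP address directly; Tor logs a warning for the same condition when an application hands it only an IP address.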


Re: [tor-talk] Torbutton-birdy version 0.0.2

2012-05-25 Thread Mike Perry
Thus spake Jacob Appelbaum (ja...@appelbaum.net):

> I'm pleased to say that Sukhbir, tanaq, and I are making progress on
> Torbutton-birdy, the Torbutton like plugin for Thunderbird. Today marks
> the second release with two important fixes:

I say we just call it TorBirdy. Easier to type, and has a better ring to it
I think.

Hopefully, Torbutton will soon be entirely forgotten in favor of Tor
Browser, anyways :).

>   the auto-configuration wizard leaks, so we disabled it
>   the timezone is now UTC and does not leak your actual timezone
> 
> You may download the xpi here:
> https://github.com/downloads/ioerror/torbutton-birdy/torbutton-birdy.xpi
> 
> We had around 57 downloads for our first release, we'd love to see that
> many users upgrade and send us feedback. We're really looking for
> informational leaks but the most important kinds of leaks are proxy
> bypass or other kinds of seriously harmful bugs.
>
> Here is our long running open bug about reviewing torbutton-birdy:
> https://trac.torproject.org/projects/tor/ticket/5797

I already mentioned this in the ticket, but might as well say it here
too, in case people don't bother to click the link: Attachments can also
cause proxy bypass when external apps are launched to open them, esp for
doc and pdf attachments.

It would be great if someone could test trying to open those
attachments, especially after setting the prefs I mention in:
https://trac.torproject.org/projects/tor/ticket/5797#comment:12.

If the prefs don't cause a warning of some kind first, you might need to
adapt that component I linked to in comment 11...


-- 
Mike Perry




Re: [tor-talk] Torbutton-birdy version 0.0.2

2012-05-25 Thread Anne magarey
I, probably in ignorance, am unable to download the xpi. Please can 
someone describe how to for me?


cheers
Anne

On 26/05/12 11:47, Mike Perry wrote:
> Thus spake Jacob Appelbaum (ja...@appelbaum.net):
>
>> I'm pleased to say that Sukhbir, tanaq, and I are making progress on
>> Torbutton-birdy, the Torbutton like plugin for Thunderbird. Today marks
>> the second release with two important fixes:
>
> I say we just call it TorBirdy. Easier to type, and has a better ring to it
> I think.
>
> Hopefully, Torbutton will soon be entirely forgotten in favor of Tor
> Browser, anyways :).
>
>>   the auto-configuration wizard leaks, so we disabled it
>>   the timezone is now UTC and does not leak your actual timezone
>>
>> You may download the xpi here:
>> https://github.com/downloads/ioerror/torbutton-birdy/torbutton-birdy.xpi
>>
>> We had around 57 downloads for our first release, we'd love to see that
>> many users upgrade and send us feedback. We're really looking for
>> informational leaks but the most important kinds of leaks are proxy
>> bypass or other kinds of seriously harmful bugs.
>>
>> Here is our long running open bug about reviewing torbutton-birdy:
>> https://trac.torproject.org/projects/tor/ticket/5797
>
> I already mentioned this in the ticket, but might as well say it here
> too, in case people don't bother to click the link: Attachments can also
> cause proxy bypass when external apps are launched to open them, esp for
> doc and pdf attachments.
>
> It would be great if someone could test trying to open those
> attachments, especially after setting the prefs I mention in:
> https://trac.torproject.org/projects/tor/ticket/5797#comment:12.
>
> If the prefs don't cause a warning of some kind first, you might need to
> adapt that component I linked to in comment 11...






Re: [tor-talk] Torbutton-birdy version 0.0.2

2012-05-25 Thread Jacob Appelbaum
On 05/25/2012 07:17 PM, Mike Perry wrote:
> Thus spake Jacob Appelbaum (ja...@appelbaum.net):
> 
>> I'm pleased to say that Sukhbir, tanaq, and I are making progress on
>> Torbutton-birdy, the Torbutton like plugin for Thunderbird. Today marks
>> the second release with two important fixes:
> 
> I say we just call it TorBirdy. Easier to type, and has a better ring to it
> I think.
> 
> Hopefully, Torbutton will soon be entirely forgotten in favor of Tor
> Browser, anyways :).

I've renamed it:
https://github.com/ioerror/torbirdy


> 
>>   the auto-configuration wizard leaks, so we disabled it
>>   the timezone is now UTC and does not leak your actual timezone
>>
>> You may download the xpi here:
>> https://github.com/downloads/ioerror/torbutton-birdy/torbutton-birdy.xpi
>>
>> We had around 57 downloads for our first release, we'd love to see that
>> many users upgrade and send us feedback. We're really looking for
>> informational leaks but the most important kinds of leaks are proxy
>> bypass or other kinds of seriously harmful bugs.
>>
>> Here is our long running open bug about reviewing torbutton-birdy:
>> https://trac.torproject.org/projects/tor/ticket/5797
> 
> I already mentioned this in the ticket, but might as well say it here
> too, in case people don't bother to click the link: Attachments can also
> cause proxy bypass when external apps are launched to open them, esp for
> doc and pdf attachments.
> 

Good catch.

> It would be great if someone could test trying to open those
> attachments, especially after setting the prefs I mention in:
> https://trac.torproject.org/projects/tor/ticket/5797#comment:12.
> 
> If the prefs don't cause a warning of some kind first, you might need to
> adapt that component I linked to in comment 11...
> 

I'll take a look - thanks!

All the best,
Jacob


[tor-talk] apt-get over tor

2012-05-25 Thread Jamie Frly
What are the dangers of using apt-get over Tor?

Is privoxy + Tor the safest way to go? What attacks are possible? Any idea if 
there is a way to set up an iptables firewall to prevent leaks? I don't think it 
currently leaks, although should there be a risk introduced in the future, a 
firewall that could protect against it would be ideal, I think.

/etc/apt/apt.conf:
Acquire::http::Proxy "http://127.0.0.1:8118/";

What about curl?

Any idea how to do this with curl?

Or proxychains?

 
http://www.switchroot.com/how-to-run-apt-get-wget-whois-etc-via-socks-proxy-using-proxychains


Re: [tor-talk] Torbutton-birdy version 0.0.2

2012-05-25 Thread Jacob Appelbaum
On 05/25/2012 07:52 PM, Anne magarey wrote:
> I, probably in ignorance, am unable to download the xpi. Please can
> someone describe how to for me?
> 

All downloads should be listed here:
https://github.com/ioerror/torbirdy/downloads

The file is here:

https://github.com/downloads/ioerror/torbirdy/torbirdy.xpi

All the best,
Jacob