A warning about the Curl environment variables.
The logic Curl uses for these environment variables is somewhat
confusing and error-prone, especially in relation to the upper-case and
lower-case versions of the environment variable names. These might be
sometimes difficult to get right. What makes these more confusing is
that Wget also uses such variables, but in a slightly different way.
I've been bitten multiple times by accidentally using the wrong case,
forgetting some environment variables being used or unset etc, but
fortunately this only resulted in some CI jobs hanging or bypassing a
cache instead of security issues.
A more canonical reference to using the environment variables might be
the ENVIRONMENT section in the the manpage on the Curl website[1] or on
your system. Note that there might be slight differences in behavior of
different versions of Curl, so the curl(1) manpage on your computer
might better correspond to the actual version of Curl installed.
Test, test, test to verify it works as intended.
But in any case, may the Lord always be your first guide and saviour.
Rely on Him first, not on computers. :)
Jaak
[1]: https://curl.se/docs/manpage.html#ENVIRONMENT
On 01.09.24 21:08, Greg Hellings wrote:
If you have compiled SWORD with libcurl support for its transport, you can
just leverage built in SOCKS support in libcurl. I don't know how you'd do
this in a mobile app (you probably would need to expose it to the user in
your UI), but it should work transparently to the user once the environment
variables are set.
https://blog.emacsos.com/use-socks5-proxy-in-curl.html
--Greg
On Sun, Sep 1, 2024, 12:58 Tobias Klein <cont...@tklein.info> wrote:
Thank you, Jaak and David,
I have passed on your feedback to the user.
See
https://github.com/ezra-bible-app/ezra-bible-app/discussions/1093#discussioncomment-10512596
Best regards,
Tobias
On 8/31/24 5:29 PM, Jaak Ristioja wrote:
Hi,
I'm assuming your SOCKS5 traffic flows through a sufficiently
encrypted network tunnel.
For Linux, there are programs which allow to run other programs and
direct their network traffic to some SOCKS5 proxy, e.g. proxychains-ng:
https://github.com/rofl0r/proxychains-ng/
On Debian, Ubuntu and their derivates one can likely install it by using
sudo apt-get install proxychains4
Proxychains-ng needs to be configured via /etc/proxychains.conf,
~/.proxychains/proxychains.conf or proxychains.conf in the current
working directory unless the -f command line option is used to specify
a different location. After configuration, one should be able to run
programs via commands like
proxychains4 your_program --with=any arguments
However, the problem with such tools is that they might not always
work as intended. For example when network traffic flows via paths
which tools like proxychains-ng do not know to intercept. Fpr example,
this is sometimes the case for DNS traffic (hostname to IP address
lookups) which is sometimes handled via external programs (e.g. DNS
cache service on local machine). So be sure to always thorougly test
(e.g. using network traffic analysis) whether this actually works
properly before actual use, and that nothing leaks. And test again
after ANY software updates or configuration changes. So be VERY VERY
CAREFUL when using things like proxychains-ng.
A safer option might be to use something like Tails, a Debian Linux
based operating system which forces all programs to network over a
local SOCKS proxy providing Tor. It might be possible to configure
Tails to use some other SOCKS5 proxy as well.
Regarding Tor, please note that in its simplest configuration Tor
attempts to connect to public Tor relays, making it possible for
eavesdroppers to detect Tor usage. A way around this (as suggested by
the Tor project) is to use (private) Tor bridges which use domain
fronting, traffic obfuscation and similar tricks. You might also find
some of these technologies useful for the tunneling the SOCKS5 traffic.
Best regards,
Jaak
PS: All security technologies and their implementations, including
proxychains-ng, Tails and Tor, have their weak points. So take care
when evaluating their fitness for your particular purpose.
On 31.08.24 14:20, Tobias Klein wrote:
Hi Troy and all,
One of the Ezra users has asked the following:
The websites for updating modules and downloading Bibles are either
inaccessible or subject to censorship for people living in countries
that restrict internet access.
Could the program be updated to support setting up a SOCKS5 or HTTP
proxy, allowing users to access the internet through a proxy?
How do you assess this request from a SWORD library perspective?
Best regards,
Tobias
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
