[or-cvs] r13148: Corrected minor errors in (or simply improved) URL:s, netmas (in incognito/trunk: . arch root_overlay/etc/socks root_overlay/etc/tor root_overlay/usr/sbin root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User root_overlay/var/lib/kdesession)
Author: anonym
Date: 2008-01-16 10:16:08 -0500 (Wed, 16 Jan 2008)
New Revision: 13148
Modified:
incognito/trunk/TODO
incognito/trunk/arch/readme.html
incognito/trunk/root_overlay/etc/socks/socks.conf
incognito/trunk/root_overlay/etc/socks/tsocks.conf
incognito/trunk/root_overlay/etc/tor/torrc
incognito/trunk/root_overlay/usr/sbin/create-homevol
incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js
incognito/trunk/root_overlay/var/lib/kdesession/bookmarks.xml
incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc
incognito/trunk/root_overlay/var/lib/kdesession/konquerorrc
Log:
Corrected minor errors in (or simply improved) URLs, netmasks, etc. here and there.
Firefox doesn't use proxy for local address spaces.
Added TODO item about mixmaster.
Modified: incognito/trunk/TODO
===================================================================
--- incognito/trunk/TODO 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/TODO 2008-01-16 15:16:08 UTC (rev 13148)
@@ -12,16 +12,13 @@
- Script to generate CDs from SVN checkout
It would be nice to have a script in SVN that builds everything with one command. One important point is to determine if we have a Gentoo machine or not. If not download a stage3 tarball and create a chroot environment. Catalyst needs to be installed. The rest is documented in building.html.
-- Test script that copies to USB
-It is difficult to get a hold of a lot of USB hardware to test this script. If you'd like to test it, run "sudo /usr/sbin/create-usb" from an xterm as the script outputs what it is doing. This will help if a problem occurs.
-
- Wipe memory and reboot when USB drive is removed
If running from the USB drive and it is removed, wipe memory and reboot. If you're in a persecuted country and they are on to you, you can grab the USB and leave.
- Mixminion on tiny
Install mixminion on the tiny version and use Xdialog to provide UI. Needs a link in the fluxbox menu as well. The main problem here is that mixminion is a python program, and python takes too much space. There is a freeze.py in the python distribution that creates an executable that does not depends on python. Two problems with this, the result for mixminion is over 3MB and it isn't straightforward to create the executable, there are import errors when running it.
-- Allow higher resolutions than 1024x768
+- Allow other resolutions than 1024x768
Add a menu option to the boot menu to select a higher resolution, OR attempt to do monitor detection when configuring. The latest x.org server has much better auto-detection, perhaps allowing it to do more work would be better. Note that a kernel option "xres=1024x768" is available (plug in your own dimensions) and working. A boot menu option requires a custom syslinux menu which does not look too difficult.a
- A less hack-ish macchanger option to boot menu
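Review bot: The renamed heading "Allow other resolutions than 1024x768" no longer matches its description, which still says "select a higher resolution"; change the body to "another resolution" so that lower resolutions are covered too. The same description line ends in a stray "a" ("too difficult.a") that can be cleaned up while the entry is being touched. The removal of the "Test script that copies to USB" item is not mentioned in the log message.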
@@ -38,15 +35,15 @@
AutomapHostsSuffixes .exit,.onion
- Retroshare instant messenger
-Looks promising. Might be added when out of beta. See: http://retroshare.sourceforge.net
+Might be added when out of beta. See: http://retroshare.sourceforge.net
- Consider using hardend profile ?
- Consider using grsec ?
-- Add torbutton, disabling tor enable/disable in toolbar and status bar
-torbutton is more user friendly and less annoying than NoScript+CookieCuller so if it provides a reasonable amount of protection for tor (which it should since that's its design goal) it should replace the other two extensions when it becomes more stable.
-Also, if we setup a new http(s) proxy that is excluded from the netfiler tor forwarding, torbutton could be used to have firefox access the network directly, which can be necessary when ISP require logins (see below).
+- Add Torbutton, disabling Tor enable/disable in toolbar and status bar
+Torbutton is more user friendly and less annoying than NoScript+CookieCuller so if it provides a reasonable amount of protection for Tor (which it should since that's its design goal) it should replace the other two extensions when it becomes more stable.
+Also, if we setup a new http(s) proxy that is excluded from the netfiler Tor forwarding, Torbutton could be used to have firefox access the network directly, which can be necessary when ISP require logins (see below).
- Update Incognito branded images
livecd-stage2.sh has some branding support so you can change the name. There are a few images that still have Incognito. ImageMagick scripting looks like a possible way to do this.
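Review bot: The rewritten Torbutton paragraph still has "netfiler" for "netfilter" and leaves "firefox" lowercase while the same lines now capitalise Tor and Torbutton; "if we setup" should be "if we set up". Since these lines are being rewritten for capitalisation anyway, fix those in the same pass.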
@@ -56,15 +53,12 @@
- Handle ISP login requirement
Public networks may require a login before allowing access to the outside. Generally this is done by a transparent proxy that redirects to the login screen whenever an http request is made. A solution to this may be to add the class C network to the iptables exclusion list so the redirect won't run through Tor. The user will need to access something on the local net first though since the redirect won't happen when running through Tor. Other suggestions are welcome.
-(see entry for torbutton for a possible solution)
+(see entry for Torbutton for a possible solution)
- Allow Tor to be bypassed
Sometimes a direct connection to the Internet is desired. We need a way to bypass the iptables filter. Possibly another proxy process that does not go through Tor. There should be a clear indicator that we are not anonymous.
-(see entry for torbutton for a possible solution)
+(see entry for Torbutton for a possible solution)
-- Move to kernel 2.6.22
-Note that as of 2007-08-24 some of the wireless NIC drivers will not compile with 2.6.22.
-
- Fix virtual USB boot for read/write mode
The CD or USB may be run in a virtual PC for computers that won't boot from removable media. USB must be run read-only due to bugs in QEMU (writable vvfat). When QEMU fixes this, we should use it.
See http://www.h7.dion.ne.jp/~qemu-win/HowToFloppyCdrom-en.html
@@ -79,5 +73,5 @@
Make it possible to to permanently decline creating a persistent home partition during boot from USB (otherwise this will constantly be halting the boot process).
This easily implemented by a "lock" file, i.e. NO_PERSISTANT on the USB root, created by external-config-setup when the users choses to never have a persistent home. external-config-setup will check for the existence of that file before prompting the user. Also, there should be a readily available script which resets this available on the KDE desktop and in the fluxbox menu.
-- TrueCrypt problem
-The outer layer password is not accepted for some reason.
+- Mixmaster
+Install mixmaster and mixmaster-smtp and integrate into mail clients. Remove mixminion-smtp.
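Review bot: The "TrueCrypt problem" entry (outer layer password not accepted) is deleted here, but the log only says that a Mixmaster item was added. If the problem was fixed, say so in the log and name the revision; if it was not, keep the entry, since it documents a known failure.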
Modified: incognito/trunk/arch/readme.html
===================================================================
--- incognito/trunk/arch/readme.html 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/arch/readme.html 2008-01-16 15:16:08 UTC (rev 13148)
@@ -10,7 +10,7 @@
</p>
<p>
-The latest version can be found at <a href="http://www.patdouble.com/incognito.html">http://www.patdouble.com/incognito.html</a>.
+The latest version can be found at <a href="http://incognito.anonymityanywhere.com/">http://incognito.anonymityanywhere.com/</a>.
</p>
</body>
Modified: incognito/trunk/root_overlay/etc/socks/socks.conf
===================================================================
--- incognito/trunk/root_overlay/etc/socks/socks.conf 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/etc/socks/socks.conf 2008-01-16 15:16:08 UTC (rev 13148)
@@ -1,133 +1,3 @@
-# The configfile is divided into two parts; first misc. settings,
-# then the routes. Objects in '[]' are optional.
-#
-#
-# recommended order is:
-# [debug]
-# [logoutput]
-# [resolveprotocol]
-#
-# routes:
-# from to via
-# [command]
-# [extension]
-# [protocol]
-# [proxyprotocol]
-
-
-#debug: 1 # uncomment to enable debugging
-
-#logoutput: stdout # users usually don't want to be bothered with that.
-
-# What protocol should be used for resolving hostnames? It's important
-# to set this right.
-#resolveprotocol: udp # default
-#resolveprotocol: tcp # set this if your socksserver only supports socksv4.
-#resolveprotocol: fake # set this if your clients can't access nameserver,
- # neither directly nor proxied.
-
-
-
-#
-# the routes
-#
-
-# specifying routes for accepting remote connections (via bind()) is
-# difficult since we can't know what the "to:" address is
-# until we actually get the connection Since we support letting
-# the client accept connections both via the proxyserver and
-# "directly" at the same time, we have two options though:
-# a) specify a route for bind (only) first going via the proxyserver.
-# This will also handle "direct" connections.
-# b) specify a route for bind (only) first going "direct".
-# This means clients will only be able to accept "direct"
-# connections.
-
-# we want to accept remote connections via the proxyserver.
-#route {
-# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1080
-# command: bind
-#}
-
-# we do not want to accept remote connections via the proxyserver.
-#route {
-# from: 0.0.0.0/0 to: 0.0.0.0/0 via: direct
-# command: bind
-#}
-
-
-# if you don't route all local connections via direct, you should
-# at least route nameserver connections via direct connections if you
-# can. That can make for much better performance, depending on
-# your setup. Make sure the nameserver line is the first.
-#
-# Assuming your nameserver runs on address 10.1.1.1, you can do it like this:
-#route {
-# from: 0.0.0.0/0 to: 10.1.1.1/32 port = domain via: direct
-#}
-
-
-# have a route making all connections to loopback addresses be direct.
-#route {
-# from: 0.0.0.0/0 to: 127.0.0.0/8 via: direct
-# command: connect udpassociate # everything but bind, bind confuses us.
-#}
-
-# Our net is the 10.0.0.0/8 net, let clients going to local address go
-# direct, not via server.
-#route {
-# from: 0.0.0.0/0 to: 10.0.0.0/8 via: direct
-#}
-
-# for poor souls trapped behind a msproxy server.
-#route {
-# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1745
-# protocol: tcp # server supports tcp
-# proxyprotocol: msproxy_v2 # server runs msproxy_v2
-#}
-
-# clients going anywhere else go via server listening at
-# IP address 10.1.1.1, port 1080. Note that unless you have
-# specified a direct connection for DNS, or the socksserver is resolvable
-# without network traffic, you can't give a hostname for the socksserver,
-# you must give a IP address. (the reasons for that are logical enough,
-# you would create a loop otherwise.)
-#route {
-# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 1080
-# protocol: tcp udp # server supports tcp and udp.
-# proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5.
-# method: none #username # we are willing to authenticate via
-# # method "none", not "username".
-#}
-#
-# this is identical to the above, but it matches hostnames instead.
-# This is if you have clients that are unable to resolve hostnames.
-# It can be important that hostname routes come after address routes.
-#route {
-# from: 0.0.0.0/0 to: . via: 10.1.1.1 port = 1080
-# protocol: tcp udp # server supports tcp and udp.
-# proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5.
-# method: none #username # we are willing to authenticate via
-# # method "none", not "username".
-#}
-
-# identical to above two routes, but using a httpproxy instead.
-#
-
-#route {
-# from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.1.1.1 port = 3128
-# command: connect # only thing a httproxy supports.
-# proxyprotocol: http_v1.0
-#}
-
-#route {
-# from: 0.0.0.0/0 to: . via: 10.1.1.1 port = 3128
-# command: connect # only thing a httproxy supports.
-# proxyprotocol: http_v1.0
-#}
-
-
-
# 'fake' sends host name to SOCKS server
resolveprotocol: fake
@@ -137,19 +7,18 @@
}
# Private network
route {
- from: 0.0.0.0/0 to: 172.16.0.0/16 via: direct
+ from: 0.0.0.0/0 to: 172.16.0.0/12 via: direct
}
# Private network
route {
from: 0.0.0.0/0 to: 192.168.0.0/16 via: direct
}
-# Loopback
+# Loopback (except .onion virtual address space of 127.192.0.0+)
route {
- from: 0.0.0.0/0 to: 127.0.0.0/255.128.0.0 via: direct
+ from: 0.0.0.0/0 to: 127.0.0.0/9 via: direct
}
-# Onion network
route {
- from: 0.0.0.0/0 to: 127.128.0.0/255.192.0.0 via: direct
+ from: 0.0.0.0/0 to: 127.128.0.0/10 via: direct
}
route {
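Review bot: With "# Onion network" removed, the 127.128.0.0/10 route now sits uncommented under the loopback route, and the new comment "except .onion virtual address space of 127.192.0.0+" only makes sense once a reader works out that the /9 and the /10 together cover 127.0.0.0 through 127.191.255.255. Give the second route its own comment, or write one comment covering both routes, and name the range left to the proxy (127.192.0.0/10) explicitly. Note also that the two loopback lines only switch from dotted masks to the equivalent prefix lengths, while 172.16.0.0/16 to /12 is a behaviour change: connections to 172.17.0.0 through 172.31.255.255 now go direct instead of via the SOCKS server. The log message should say so.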
Modified: incognito/trunk/root_overlay/etc/socks/tsocks.conf
===================================================================
--- incognito/trunk/root_overlay/etc/socks/tsocks.conf 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/etc/socks/tsocks.conf 2008-01-16 15:16:08 UTC (rev 13148)
@@ -14,6 +14,6 @@
# My local networks
local = 10.0.0.0/255.0.0.0
-local = 172.16.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
local = 192.168.0.0/255.255.0.0
Modified: incognito/trunk/root_overlay/etc/tor/torrc
===================================================================
--- incognito/trunk/root_overlay/etc/tor/torrc 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/etc/tor/torrc 2008-01-16 15:16:08 UTC (rev 13148)
@@ -3,15 +3,15 @@
PIDFile /var/lib/tor/tor.pid
-ContactInfo Incognito LiveCD <incognito@xxxxxxxxxxxxx>
+Log notice syslog
+DataDirectory /var/lib/tor/data
+
+ContactInfo Incognito LiveCD
+
SocksPort 9050
SocksListenAddress 127.0.0.1
-Log notice syslog
-
-DataDirectory /var/lib/tor/data
-
ControlPort 9051
ControlListenAddress 127.0.0.1
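Review bot: ContactInfo loses its address in this hunk ("ContactInfo Incognito LiveCD") and the log message does not mention it. If the intent is to stop shipping one address on every CD, note that in the log or in a comment above the line; as written it looks like an accidental edit made alongside the reordering of Log and DataDirectory.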
@@ -21,6 +21,8 @@
ORPort 9001
DirPort 9030
+VirtualAddrNetwork 127.192.0.0/10
+
ExitPolicy reject *:* # middleman only -- no exits allowed
AvoidDiskWrites 1
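Review bot: VirtualAddrNetwork 127.192.0.0/10 is added without a comment, yet the direct routes in socks.conf and the no_proxies_on list in prefs.js from this same revision are built around that range. Add a comment above the line naming those two files, so that a later change to the range here is not made without updating the bypass lists.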
Modified: incognito/trunk/root_overlay/usr/sbin/create-homevol
===================================================================
--- incognito/trunk/root_overlay/usr/sbin/create-homevol 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/usr/sbin/create-homevol 2008-01-16 15:16:08 UTC (rev 13148)
@@ -38,7 +38,7 @@
# Check if minimum required amount of space is available
if [[ ${MAX_SIZE} -lt ${MIN_SIZE} ]]; then
- echo "Sorry, but you do not have enough space left on the media."
+ echo "Sorry, but you do not have enough space left on the media (Minimum needed: ${MIN_SIZE} MB, currently available: ${MAX_SIZE} MB)"
exit 1
fi
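Review bot: The new message labels both values as "MB", but nothing in the visible lines shows what unit MIN_SIZE and MAX_SIZE are computed in; confirm that where they are assigned, or the message will mislead. Because the next line is exit 1, the echo should also go to stderr (append >&2), and the sentence is missing its final period.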
Modified: incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js
===================================================================
--- incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default User/prefs.js 2008-01-16 15:16:08 UTC (rev 13148)
@@ -13,7 +13,11 @@
user_pref("app.update.autoInstallEnabled", false);
user_pref("app.update.auto", false);
user_pref("browser.cache.disk.capacity", 0);
-user_pref("browser.history_expire_days.mirror", 9);
+user_pref("browser.history_expire_days", 0);
+user_pref("browser.history_expire_days.mirror", 0);
+user_pref("privacy.item.cookies", true);
+user_pref("privacy.sanitize.promptOnSanitize", false);
+user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("browser.preferences.advanced.selectedTabIndex", 0);
user_pref("browser.search.update", false);
user_pref("browser.shell.checkDefaultBrowser", false);
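Review bot: sanitizeOnShutdown is switched on, but privacy.item.cookies is the only privacy.item.* preference set in this hunk, so unless the others are set elsewhere in the file, what else is cleared at shutdown depends on Firefox defaults rather than on this profile. Set the privacy.item.* entries the profile relies on explicitly, and give the five new lines a comment header like the "/* Firefox: ... */" blocks further down.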
@@ -24,6 +28,34 @@
user_pref("extensions.lastAppVersion", "2.0.0.11");
user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.11");
+/* Firefox: disable extension updates. */
+user_pref("extensions.update.enabled", false);
+user_pref("extensions.update.notifyUser", false);
+user_pref("network.cookie.prefsMigrated", true);
+
+/* Firefox: network performance improvements. */
+user_pref("network.http.keep-alive.timeout", 600);
+user_pref("network.http.max-persistent-connections-per-proxy", 16);
+user_pref("network.http.pipelining", true);
+user_pref("network.http.pipelining.maxrequests", 8);
+user_pref("network.http.proxy.pipelining", true);
+
+/* Firefox: HTTP/SOCKS proxies. */
+user_pref("network.proxy.http", "127.0.0.1");
+user_pref("network.proxy.http_port", 3128);
+user_pref("network.proxy.socks", "127.0.0.1");
+user_pref("network.proxy.socks_port", 9050);
+user_pref("network.proxy.socks_remote_dns", true);
+user_pref("network.proxy.ssl", "127.0.0.1");
+user_pref("network.proxy.ssl_port", 3128);
+user_pref("network.proxy.type", 1);
+user_pref("network.proxy.no_proxies_on", "localhost, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/9, 127.128.0.0/10");
+
+/* Firefox: fonts */
+user_pref("font.name.monospace.x-western", "Bitstream Vera Sans Mono");
+user_pref("font.name.sans-serif.x-western", "Bitstream Vera Sans");
+user_pref("font.name.serif.x-western", "Bitstream Vera Serif");
+
/* NoScript: prevent update page, notifications and auto-refresh */
user_pref("noscript.temp", "");
user_pref("noscript.version", "1.2.9");
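Review bot: The network.proxy.no_proxies_on line is the only functional addition in this block (the rest is moved up from the end of the file) and it carries no comment. It repeats the ranges from socks.conf by hand, so add a comment pointing at socks.conf and at VirtualAddrNetwork in torrc to keep the three in step. It also means that requests to 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 addresses now leave Firefox directly rather than through 127.0.0.1:3128; that deserves a sentence in the readme, particularly since kioslaverc in this revision drops the same networks from NoProxyFor.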
@@ -58,30 +90,3 @@
user_pref("extensions.firegpg.gpg_path", "gpg");
user_pref("extensions.firegpg.gpg_version", "0.4.7");
user_pref("extensions.firegpg.no_updates", true);
-
-/* Firefox: disable extension updates. */
-user_pref("extensions.update.enabled", false);
-user_pref("extensions.update.notifyUser", false);
-user_pref("network.cookie.prefsMigrated", true);
-
-/* Firefox: network performance improvements. */
-user_pref("network.http.keep-alive.timeout", 600);
-user_pref("network.http.max-persistent-connections-per-proxy", 16);
-user_pref("network.http.pipelining", true);
-user_pref("network.http.pipelining.maxrequests", 8);
-user_pref("network.http.proxy.pipelining", true);
-
-/* Firefox: HTTP/SOCKS proxies. */
-user_pref("network.proxy.http", "127.0.0.1");
-user_pref("network.proxy.http_port", 3128);
-user_pref("network.proxy.socks", "127.0.0.1");
-user_pref("network.proxy.socks_port", 9050);
-user_pref("network.proxy.socks_remote_dns", true);
-user_pref("network.proxy.ssl", "127.0.0.1");
-user_pref("network.proxy.ssl_port", 3128);
-user_pref("network.proxy.type", 1);
-
-/* Fonts */
-user_pref("font.name.monospace.x-western", "Bitstream Vera Sans Mono");
-user_pref("font.name.sans-serif.x-western", "Bitstream Vera Sans");
-user_pref("font.name.serif.x-western", "Bitstream Vera Serif");
Modified: incognito/trunk/root_overlay/var/lib/kdesession/bookmarks.xml
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/bookmarks.xml 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/var/lib/kdesession/bookmarks.xml 2008-01-16 15:16:08 UTC (rev 13148)
@@ -7,13 +7,13 @@
<metadata owner="http://www.kde.org" />
</info>
</bookmark>
- <bookmark icon="www" href="http://www.patdouble.com" >
- <title>__INCOGNITO__</title>
+ <bookmark icon="favicons/incognito.anonymityanywhere.com" href="http://incognito.anonymityanywhere.com/" >
+ <title>__INCOGNITO__ Home</title>
<info>
<metadata owner="http://www.kde.org" />
</info>
</bookmark>
- <bookmark icon="www" href="http://wiki.noreply.org/noreply/TheOnionRouter" >
+ <bookmark icon="favicons/wiki.noreply.org" href="http://wiki.noreply.org/noreply/TheOnionRouter" >
<title>TheOnionRouter - Noreply Wiki</title>
<info>
<metadata owner="http://www.kde.org" />
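Review bot: Both bookmarks now use icon="favicons/..." values, but the list of modified paths for this revision contains no favicon files. Check that favicons/incognito.anonymityanywhere.com and favicons/wiki.noreply.org are actually shipped in the image; otherwise keep icon="www" as the fallback.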
Modified: incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc 2008-01-16 15:16:08 UTC (rev 13148)
@@ -2,7 +2,7 @@
PersistentProxyConnection=true
[Proxy Settings]
-NoProxyFor=127.0.0.1,localhost,10.0.0.0,192.168.0.0,172.16.0.0
+NoProxyFor=127.0.0.1,localhost
ProxyType=1
httpProxy=http://127.0.0.1:3128
httpsProxy=http://127.0.0.1:3128
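Review bot: This removes 10.0.0.0, 192.168.0.0 and 172.16.0.0 from NoProxyFor, so Konqueror now proxies everything except 127.0.0.1 and localhost, while prefs.js in the same revision adds the private ranges to Firefox's bypass list. The log message only covers the Firefox side. State which behaviour is intended for the two browsers; if the entries were dropped because bare addresses without a mask did not match whole networks, say that in the log.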
Modified: incognito/trunk/root_overlay/var/lib/kdesession/konquerorrc
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/konquerorrc 2008-01-16 05:27:19 UTC (rev 13147)
+++ incognito/trunk/root_overlay/var/lib/kdesession/konquerorrc 2008-01-16 15:16:08 UTC (rev 13148)
@@ -10,6 +10,10 @@
IconText=IconOnly
Index=3
+[KonqMainWindow Toolbar]
+IconText=IconTextRight
+Index=2
+
[KonqMainWindow Toolbar bookmarkToolBar]
IconText=IconTextRight
Index=2