[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Satori (this crazy app thing I've been working on)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Satori (this crazy app thing I've been working on)
From: Griffin Boyce <griffin@xxxxxxxxxxxxx>
Date: Thu, 08 May 2014 17:21:40 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 08 May 2014 17:26:30 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptolab.net; s=stigmate; t=1399584101; bh=Zxjp3kumZBlwbsXwCGxGbWYW2LJ2TmARCo6bJBsaox8=; h=Date:From:To:Subject:In-Reply-To:References; b=JG9Cjg6UHOD8pq0zwsWT5GC1BVF43zgVA1eWW+sMQAuHxUTvilULFYmV6LIYL/Otq BYNmlYcijw4/suyLDZIt5pgqgZGuyW35+5X5n8KTx9EjmmSSCvaomwQ4GSiUdyfSo6 mC+Z/A1zqjQYSldpp9cwjrizz3owYPJHaRG6Dj1k=
In-reply-to: <53670879.3030805@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <12695b66369a55df5e1f5989d41a33f8@xxxxxxxxxxxxx> <53670879.3030805@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: autistici.org webmail

Sorry for the delay in responding. Life gets in the way sometimes.;-)


Runa A. Sandvik wrote:

Sounds interesting! Could you say a bit more about how it distributessoftware?

So it offers downloads from places that are not currently blocked orMITM'd: Google's Chrome Web Store, Amazon, and Github. Which seemunlikely to be due to various economic factors at play. This is mostlymy opinion, though backed by research I've done in this area. Granted,distributing from these three sites could change the equation forcensors, but right now it works very well.

Fetching .crx files from the Chrome Web Store is particularly devious,as these are unlisted extensions across a few accounts. These downloadas zip files which contain the Tor Browser Bundle. This option is onlyavailable for Chinese, Farsi, and Arabic, as it takes a fairly largeamount of time to set up. Downloading from Github or Amazon is morestraightforward, and downloads the usual .zip file. The bundles aren'tmodified in any way, so the sha256 checksums and gpg signatures shouldbe verifiable across torproject.org and its mirrors.

I've been weighing fetching the files via torrent with something likebitford or bittorrent torque built-into Satori, but haven't come to asolid conclusion on it. It's technically possible to do so, but thereare questions in my mind that need to be resolved before I think thiscould be a real solution. Mostly because it's easy for a censor to juststart seeding a given torrent and then tally IP addresses of peopledownloading. Another is whether the trackers would just get blockedoutright (and running a tracker on AWS sort of loops back around to theidea of a single point of failure).



Sukhbir Singh wrote:

This is a great idea. This coupled with GetTor can help alleviate our
bundle distribution issues :)


  Thanks! ^_^

Some feedback, mostly related to the UI/UX, so this may very well be a
personal opinion but I will still comment because I really hope we use
this to distribute the bundles.

I'm not sure whose call that is, tbh. Happy to keep it a personalproject =) And UI/UX feedback is always welcome.

- the background looks nice but we can probably use something simple
just to make sure that it is accessible

True. I'm planning to add a stylesheet for screen readers (which wouldhide the <canvas> entirely), along with WAI-ARIA attributes[1] to makeit more accessible overall. I really like the background, but might nixthe space theme and go with the polygons on black instead.

- the (A) and (B) for the download links should be redesigned.

Agreed. Currently leaning towards replacing A/B/C with download iconsthat indicate the source. That sentence is super dry, but I think youget what I mean.

- is it possible to use this without signing in to your Google account?

Yes! First, download the zip from github:https://github.com/glamrock/satori


* Go to chrome://extensions/
* â Developer mode
* Click "Load unpacked extension"
* Choose Satori/chrome directory

Then go to chrome://apps/ to launch (this is the apps page). Oncedevelopment slows a bit, the goal is to have gpg-signed releases in thegithub repo. So that way it's possible to independently verify that theapp came from me and still use it without logging in to google.

- checksums for some of the bundles was not working
- sorry, couldn't resist -- it's TorBirdy and not Torbirdy ;)


  Oh butts, I didn't even notice those! :D  Will fix!

Very well done though! The hash generation takes the prize above all!

Thanks, though the Google Closure library really does the heavylifting on that.

Please keep us informed about the development.


  Will do!

best,
Griffin

[1] http://www.w3.org/TR/wai-aria-1.1/
[2] https://www.transifex.com/projects/p/cupcake/resource/satori-chrome/
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Satori (this crazy app thing I've been working on)
  - From: Griffin Boyce
- Re: [tor-talk] Satori (this crazy app thing I've been working on)
  - From: Sukhbir Singh

Prev by Author: [tor-talk] Satori (this crazy app thing I've been working on)
Next by Author: Re: [tor-talk] Satori (this crazy app thing I've been working on)
Previous by thread: Re: [tor-talk] Satori (this crazy app thing I've been working on)
Next by thread: Re: [tor-talk] Satori (this crazy app thing I've been working on)
Index(es):
- Author
- Thread