Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2011-03-08T03:06:06Z

Write up Iteration Report for 20110305
https://gitlab.torproject.org/legacy/trac/-/issues/2593
2011-03-08T03:06:06Z, Mike Perry

This is a placeholder to count the work for writing up my iteration reports and continuing to refine that process.

Mike Perry

Record Circuit Built Timeout values on Torperf runs
https://gitlab.torproject.org/legacy/trac/-/issues/2590
2020-06-13T17:49:48Z, Mike Perry

We need to alter the extra_data.py script to handle BUILDTIMEOUT_SET events, as well as output this data to its log.

Mike Perry

Torperf should output circuit build times
https://gitlab.torproject.org/legacy/trac/-/issues/2551
2020-06-13T17:49:44Z, Mike Perry

The extra_data.py listener for TorPerf should be outputting circuit build times for research and analysis. I can help with this. It shouldn't be too difficult to do if we just add CIRC events to its EventListener.
The .extradata file format may change, which may or may not make some people sad. I'm not sure if anyone besides us is looking at those files though.

Mike Perry

Error prevents display of gitweb.tpo/tor.git
https://gitlab.torproject.org/legacy/trac/-/issues/2359
2020-06-13T00:05:02Z, Robert Ransom

Browsing to https://gitweb.torproject.org/tor.git in Firefox 4.0b7 with Torbutton 1.3.1-alpha installed and Tor enabled produces an error:
```
XML Parsing Error: undefined entity
Location: https://gitweb.torproject.org/tor.git
Line Number 41, Column 20:
<div class="title"> </div>
-------------------^
```
The page loads properly with Tor disabled.

Mike Perry

1.3.x: RefSpoofer fails on 5 test cases out of 12.
https://gitlab.torproject.org/legacy/trac/-/issues/2148
2020-06-13T00:48:00Z, tails-developers

I conducted a bunch of tests on the new refSpoofer feature from version 1.3.0alpha. Here are the results, in 4 situations for each of the 3 modes.

| | | A - nospoof | B - smartspoof | C - spoofblank |
|-|-|-------------|----------------|----------------|
| 1 | one.domain.tld/a -> one.domain.tld/b | OK - sent | OK - sent | OK - not sent |
| 2 | domain.tld -> one.domain.tld | BAD! - not sent | BAD? - sent one.domain.tld | OK - not sent |
| 3 | domain.tld -> www.domain.tld | BAD! - not sent | BAD! - not sent | OK - not sent |
| 4 | google.com -> one.domain.tld | BAD! - not sent | OK - not sent | OK - not sent |

As you can see:
* it is not leaking HTTP Referers when it shouldn't, except in case (B2) but it was not clear from the comments in the source code whether it should send it or not. I would say it should not.
* the smartspoof mode works in the two most obvious cases (1) and (4) but the two cases (2) and (3) have to be better specified.
* the nospoof fails in a non-ambiguous case where the user configures it to send Referers between different domains.

Torbutton: 1.3
Mike Perry

Reproduce gmail PDF issue w/ debug log output
https://gitlab.torproject.org/legacy/trac/-/issues/2028
2020-06-15T23:13:08Z, Mike Perry

The way gmail handles pdf url rewriting seems to be causing problems. PDFs are neither downloadable nor viewable in Google Docs while using Torbutton.

Mike Perry

1.3.x: Non-tor cookies not protected
https://gitlab.torproject.org/legacy/trac/-/issues/2025
2020-06-13T00:05:02Z, Trac

Despite 'Store Non-Tor Cookies in a protected jar' being enabled, non-Tor cookies are wiped on Tor-enable.
Is there an interaction with 'Do not write Non-Tor cookies to disk'?
OSX PPC FF2.
Related to https://trac.torproject.org/projects/tor/ticket/2011 ??
which stopped experimentation with enabling/disabling 'Do not write Non-Tor cookies to disk'.
**Trac**:
**Username**: downie

Torbutton: 1.3
Mike Perry

1.3.x: tor:// URL support may allow attacks on Torbutton
https://gitlab.torproject.org/legacy/trac/-/issues/1999
2020-06-13T00:10:58Z, Robert Ransom

[https://twitter.com/egyp7/status/26023995288]
Mike Perry thinks this tweet is about the possibility that a web site could detect the presence of Torbutton by putting a tor: URL in an IFRAME and measuring how long Firefox takes to report a page-not-found error -- if Torbutton is not installed, it fails immediately; if Torbutton is installed, it waits until the user responds to a pop-up dialog, and then either fails the load attempt or switches into Tor mode and loads the URL.
The warning dialogs might also allow a DoS attack on Torbutton users -- JavaScript can repeatedly add IMG tags to a page with tor: source URLs, and the repeated popups will make a user's browser unusable.

Torbutton: 1.3
Mike Perry

window.name is persistent across torbutton toggle
https://gitlab.torproject.org/legacy/trac/-/issues/1968
2020-06-13T00:39:08Z, Trac

If window.name is assigned by a website, its value can be read by any JavaScript running in the same tab *at any point in the future*, regardless of what website the JavaScript is from.
**Trac**:
**Username**: katmagic

Mike Perry