faster ssh/scp on SMP/multi-core systems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A nice paper just popped up on
the tor-mailing list.

Abstract
SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwith network links. Modifying the ssh code to allow the buffers to be defined at run time eliminates this bottleneck. We have created a patch that will remove the bottlenecks in OpenSSH and is fully interoperable with other servers and clients. In addition HPN clients will be able to download faster from non HPN servers, and HPN servers will be able to receive uploads faster from non HPN clients. However, the host receiving the data must have a properly tuned TCP/IP stack. Please refer to this tuning page for more information.

The amount of improvement any specific user will see is dependent on a number of issues. Transfer rates cannot exceed the capacity of the network nor the throughput of the I/O subsystem including the disk and memory speed. The improvement will also be highly influenced by the capacity of the processor to perform the encryption and decryption. Less computational expensive ciphers will often provide better throughput than more complex ciphers.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHs/FVLAZ+Vq4hPgARAt3SAKCe3ntK729GBG3uAY6PMh6Xa9WjXgCg1Swr
vv3DTUO3G+/c4w7utqmuCuI=
=pzqX
-----END PGP SIGNATURE-----

possibly backdoored random-number-generator added with Vista-SP1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



As reported by Bruce Schneier (A very well known cryptoanalyst),
Microsoft has added the Dual_ElipticCurve- PseudoRandomNumberGenerator to Windows Vista.

Exactly this PRNG has is suspected to have a backdoor added to it,

The Overview of Windows Vista Service Pack 1 states: "The Dual Elliptical Curve (Dual EC) PRNG from SP 800-90 is also available for customers who prefer to use it."

---

- - From Did NSA Put a Secret Backdoor in New Encryption Standard? By Bruce Schneier, Wired News, November 15, 2007:

In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described a backdoor.

This is how it works: There are a bunch of constants -- fixed numbers -- in the standard used to define the algorithm's elliptic curve. These constants are listed in Appendix A of the NIST publication, but nowhere is it explained where they came from.

What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.

The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHiyK4LAZ+Vq4hPgARAiEmAKDT3SXjRrImTxUYwheeOJl+shzsOgCeJf7j
O/5jZwEnPpMxOu7jVQ3maHo=
=DF2y
-----END PGP SIGNATURE-----

Tor and privoxy had been ported to iphone

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

from cjacker huang on or-dev:

I just ported libevent, tor-0.1.2.18 and privoxy to iphone 1.1.1 fw.
and finished a iPhone app named iTor.app.
...
It works pretty good on iphone. also I tested it with privoxy on PC
and tor on iphone.

for more infomation and source.
http://www.linux-ren.org/modules/everestblog/?p=161


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6e5LAZ+Vq4hPgARAroOAKC+wNkt1w4d7d2ZFFbo74t+Ao7n/QCfWt4J
PFJftkVmwY5w9N9MeFfbGsM=
=Ocq5
-----END PGP SIGNATURE-----

european data-retention - what does it mean to you, Mr. Operator?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(links given by an austrian informant.)

All over europe people offering anonymity-services are forced to log within the next 13 month.

A german tor-operator now published in his blog under the title ""We are fucked individually!"" the commented, relevant parts of the laws as applicable to tor-operators.

On the german tor-talk mailing-list he gave the following numbers for estimated storage-space required for logging after doing real-world experimentation of that toppic.

Server Traffic: 2.000 KB/s average
logs for 1 week: 200 GByte
logs for 1 week after removing irrelevant content: 120 GByte
after compression and encryption: 20 GByte
sum for 26 weeks (6 month): 500 GByte average
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6eyLAZ+Vq4hPgARAtgsAKCk5tQF7EJakP82MlSqG+H0TY+VvwCeOSEE
/ryHIw2Oi5y+QVCabujYKNg=
=/HZL
-----END PGP SIGNATURE-----

German Privacy Foundation cares for tor-admins and politicians

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Our german informant has been quite busy lately. Here is a complete article from him:

As mentioned on heise news, the newly founded Privacy Foundation is to inform police-personell, courts, tor-admins and politicians alike about privacy-techniques like tor.
This step was found to be needed because of raids on tor-admins lately by uninformed policy that did not know or believe that there where no logs to be found by such a raid.
The foundation is also to help journalists not misrepresent tor and other services to the public.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6fGLAZ+Vq4hPgARAtG0AKDLSUlAgyEgcwe4V0Ljf137r66n4ACeMXXs
xxob1qHW886KT5ekXV7ds80=
=YMPy
-----END PGP SIGNATURE-----

Freenode forced to block tor-clients temporarily

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As stated in the staff blog freenode was forced to block tor-clients because a company named "B & C Advanced Solutions" was violating their policies by creating and publishing chat-logs covertly by bot connecting through the tor-network.
Freenode states that they where unable to identify the boty any other way.

Access via gpg-tor is supposed to be unaffected.

other blog-posts:
irseek: open letter to IRC-operators

techcrunch: Will IRSeeK Have A Chilling Effect on IRC Chat?

IrSeek-page on vorratsdatenspeicherung.de (in english) (provided by a german informant)

geekosphere.org (provided by a german informant)

laxu (provided by a german informant)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6enLAZ+Vq4hPgARArKBAKC2O28RffvTbRG+akMzFT3hld4EMwCfbyic
e5pQbFR6Bij5uvKZ7EOMmog=
=dfqP
-----END PGP SIGNATURE-----

Jury Trial, Jury Nullification

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is an ongoing discussion on the OnionRouter-Talk mailing list that may be of interest to readers familar with the jury-system in the United Stated of (northern) America.

Apperently there was a 1996-case in the US where a jury-member got a sentence because of informing the other jury-members of (truthfully) a right they had. Also interesting to this topic may be the Fija-organisation.

Note that we did not check the facts presented here to be true. Thus don't trust a site just because "it's written" and don't trust us for that matter.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6ebLAZ+Vq4hPgARAkbGAKDLd4KDVvYykW/JIIxodXB1qy7WQgCfRCbF
tAN58vYa98vIpU4Bvvid4Cg=
=QsrD
-----END PGP SIGNATURE-----

password need not be produced in USofA-court

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

the source(pdf)

A US-District-Court issued a ruling that a canadian need not release the password for his pgp-drive because that is a thought and he has the right to remain silent about his thoughts.
Formerly a password was often seen as a key by the accusers that could be forced to be produced.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6eVLAZ+Vq4hPgARAmbZAKCLC9tuRWuNC5cfGk+RgCC7g4mhPwCbBR9H
KL76qxeXZ0AfpVi3rvirCIM=
=6ewt
-----END PGP SIGNATURE-----

newsflash: Google hands over IP address of anonymous blogger

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

from: globes.co.il:

(shortened)

In an unprecedented move, Google has agreed to supply the IP address of an Israeli blogger who 
used "Google Blogger" for a blog in which he slandered Shaarei Tikva council members running for 
reelection...

The council members asked Google for the blogger's name.
They reached a settlement with the company on the basis of an Israeli ruling on the subject.
The settlement stipulates that 72 hours before a hearing ...the council members would leave the 
blogger a message on his blog summoning him to the hearing, or else his IP address would be 
handed over. The notice would invite the blogger to disclose his identity, participate in the 
hearing, or oppose the disclosure of his identity by filing a motion as "anonymous".
...
Google initially said that disclosing the blogger's identity violated rulings on the balance 
between freedom of expression and a person's right to his reputation.

However, in a pre-ruling, Judge Oren Schwartz said that the blog's content raised suspicions of 
criminal conduct, and Google took the hint. 
...
In line with Judge Schwartz's ruling, Google and the councilmen reached a settlement in their 
dispute. Following the 72 hour period, Google was ordered to hand over the IP address to the 
court....

note: this is not about us. "anonymous" is a fairly...common name nowadays. ;)


We have been given the following links with good articles about the case in major german online-publications.
coverage on lawblog and coverage on heise.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6eBLAZ+Vq4hPgARAkYyAJ9e8yC/ibAkBe638Dk/zkxJll6ifgCgmj5W
j16gdMwdUnGf2jRar/I/GJg=
=8KO8
-----END PGP SIGNATURE-----

"anonymous living"-blog

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We just discovered the anonymous living -blog.
You may want to have a look there. It looks quite good and lively!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6dxLAZ+Vq4hPgARAiUrAJ9TQwPz1cgYqPLVloK6pxwjxoHExACdGOE+
LeFIIZHSM68H8b+dMI+n2q4=
=NWhE
-----END PGP SIGNATURE-----

Tor 0.2.0.12-alpha fixes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Today Tor 0.2.0.12-alpha was released, fixing among other things "a giant memory-leak".
Here is the Freshmeat announcement.

This release fixes some build problems with the previous snapshot. It also includes a more 
secure-by-default exit policy for relays, fixes an enormous memory leak for exit relays, and fixes 
another bug where servers were falling out of the directory list.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6dfLAZ+Vq4hPgARApnLAJ4r8HWmehEyrQGISTkkdooJI1llKACdH0cB
YDoEyRbiXy4x1cv65qD65is=
=U0Uj
-----END PGP SIGNATURE-----

masked.name

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We recently discovered a nice service we wanted you to know about:
masked.name

You can register here(using tor) and then use a mail, im, irc, ftp in torland and have a public (as in outside torland and on the normal internet) blog on NAME.masked.name.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6dHLAZ+Vq4hPgARAk8lAJ47fJuUCo1LbyCN2ZiZGOYOJKbViQCfYl37
VHqEsP6AopDM9r9ZleHak4w=
=gG+3
-----END PGP SIGNATURE-----

small personal fight in torland

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It looks like a small fight has started in torland.
Matt and Jamon are fighting over "who provides the best hidden services".

Well, we are allways pro-competition so let us see how much improvement in quality and quantity of hidden services we will end up with.

Matt is operating

• the hidden hosting


• The Hidden Wiki-IRC


• Hidden messaging


• and of cause the famous Hidden Wiki

Jamon operates

• the core.onion -directory


• masked.name (including an irc-server)


• jamon.name


• whocalled.us

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6ckLAZ+Vq4hPgARAu44AJ9Zt46BW5l59y4YjrtbbRbvtxI/QgCfdq0D
cch04g3ri3/GTx3vLYZcbak=
=HIw8
-----END PGP SIGNATURE-----

Potential Firefox Leak

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As Matt reported in his/her/their blog there are interesting privacy-implications for torbutton-users with the way firefox loads favicons.

Usually I would link but because the article is in torland I repost it here:

---

Potential Firefox Leak (18 November 2007)
I have discovered a potential leak with any version of firefox (current version as of writing is 2.0.0.9).
The Problem:
Every time you switch tabs, firefox will automatically load the favicon.ico for web sites that did not have one the first time it tried retrieving it (if it's not there the first time, why would it be there later?). If you have multiple tabs open -- some initially loaded with tor enabled (torbutton) and some loaded with tor disabled -- every time you alt+tab or click on a different tab with Tor disabled, firefox is automatically (and without your knowledge) connecting to each site that did NOT have an icon on its initial load. This means that you are revealing your IP address to anyone when you have tor disabled, even when you don't reload any tabs or visit any web sites. Additionally, if you do the inverse (tor enabled with a few non-tor tabs open) you will be revealing that you use tor to any web sites you normally have tor off for.

This problem is not a bug in torbutton, but a bug in firefox that was probably there at one point as a "feature," but is effectively useless.

Workaround:
Close all tabs before toggling torbutton!

Mozilla developers: You can remove that stupid and pointless repeated favicon.ico loading. If it wasn't there 30 seconds ago, why the hell would it be there now? Load it only when the web site is initially loaded and when the tab is refreshed.

- --Matt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD4DBQFHZ6cSLAZ+Vq4hPgARAoRRAKDc9YKJntY2doXyAoMM3O1nmLIpBACVFxXf
OHgxnM3ja9bGS1R0RD5bGg==
=9L31
-----END PGP SIGNATURE-----

Mixminion 0.0.8alpha3 releases

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Today version 0.0.8alpha3 of the Mixminion type III remailer was released.

A few bugs that could crash your server where fixed.

- From the announcement:

NEW IN VERSION 0.0.8alpha3:
   - Create .mixminion directory even when we try to lock before accessing
     it: This prevents "update-servers" from crashing when run without
     a .mixminion directory.
   - Don't die when gzip compression on a downloaded directory is corrupt.
   - Don't die when an incoming connection closes before we can get its
     address.
   - Do not believe any path specifier that results in an impossibly short
     path.
   - Bump preferred openssl version to 0.9.8e.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6bnLAZ+Vq4hPgARAmmvAKC8XCDGrA3NJGLqCYr4YDew/4DDgQCfalj1
HqloLpkcNSzcXG/3+xXRzd4=
=crc2
-----END PGP SIGNATURE-----

new Frost-Release

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A new release of Frost, the anonymous message-board and file-sharing via the Freenet-Project has been released today.

The website states "This release introduces new features and many fixes. You really should update."...so you should do so. ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6bbLAZ+Vq4hPgARAs54AJ0Z/6imTJ2zlXKm/77QpHeFWC5glACfe6Pp
/L5+nsKJ+u1kDzeim5W5c5g=
=oMDZ
-----END PGP SIGNATURE-----

eyeOS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A few days ago we found a very nice service allowing us to use
desktop-like application in a browser anonymously.
It works a bit faster then google and you don't have to have
a google-account with cookies and everything.

You can use it on your own php-webspace if you find
one of the many small free-hosters or use the hosted
eyeOS on the developers page.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6atLAZ+Vq4hPgARAquMAKCdj2/Q2EyTbLB4hxo9jG2jVhfEvQCg3ru5
aHkd90igEl6OolhGjDdEvCI=
=KMyq
-----END PGP SIGNATURE-----

summer of code: 6 students to work on freenet-project

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the Google Summer of Code 6 students are to be working on Freenet-Project.

Swati Goyal will be working on improving searching in Freenet.

Frédéric Rechtenstein will be building us a blogging plugin.

Alberto Bacchelli will be building a test framework and many unit tests.

Vilhelm Verendel will be working on simulating the growth of the network.

Srivatsan will be working on improving Freenet's connection encryption and possibly on darknet introductions.

Mladen Kolar will be building a definitive C/C++ library for the Freenet Client Protocol.


See: The Freenet-Project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6YuLAZ+Vq4hPgARAjPBAKCLv7Pu/uovLQRNqA0F1pNLrN51vQCguLNc
qtyys0j+c+NTduH2cuKeF4A=
=Gf48
-----END PGP SIGNATURE-----