Date: Fri, 3 Oct 2014 15:27:06 -0700
From: Mike Perry <mikeperry@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20141003222706.GF9509@torproject.org>
References: <542E5246.5070006@tengu.ch>
MIME-Version: 1.0
In-Reply-To: <542E5246.5070006@tengu.ch>
Subject: Re: [tor-talk] orWall 1.0.0 released!
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
Content-Type: multipart/mixed; boundary="===============8983774281038105860=="


--===============8983774281038105860==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="8TaQrIeukR7mmbKf"
Content-Disposition: inline


--8TaQrIeukR7mmbKf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

CJ:
> Hello!
>
> just a small update regarding orWall: it's released 1.0.0!
> There's still *one* annoying issue regarding the tethering, but it
> should be OK next week. Just have to take some time in order to debug
> this for good.
>
> orWall provides now a brand new UI in order to be easier to handle.
> There's also an integrated help (as a first-start wizard we might call
> later on).
> There are many new features and improvements, like:
>
> - ability to disable all rules and let the device access freely the Net
> - for each app, the possibility to access some advanced settings
> allowing to bypass Tor, or tell orWall the app knows about proxies or Tor
> - better management for the init-script
> - better management for iptables rules
> - translations in French, German and Italian are almost done

Hey CJ, just wanted to let you know that I've tried OrWall and it's a
huge improvement! Way better user experience on just about every front!

I also have not detected any leaks on my upstream router, either.

When I get a chance, I will update the original blog post to recommend
OrWall instead of my crazy Droidwall hack scripts.
> Any feedback from Tor/Orbot users interest me in order to improve
> orWall. I think the current release is pretty good, but as the main dev
> I'm maybe not that neutral regarding this statement ;).

The one thing is that I find the long-press options for "Connection
type" confusing:

 - "Force connection" to what? I assume through Tor's transproxy because
    of the REDIRECT text, but this will not be clear to users who are
    unfamiliar with iptables.
    How about: "Redirect all network activity"

 - What does "native capacity"/"fenced path" mean? Does that mean only
   access to the local SOCKS/HTTP proxy ports in Tor's case?
   How about: "Only allow local proxy port access"

These are complicated ideas to convey, though. I'm not sure my
suggestions are the best ones either.


I also suggest soliciting input about the DNS issue we discussed where
DNS queries are done by root on Android 4.3+ unless the
'ANDROID_DNS_MODE=local' environment variable is set. Perhaps someone
will come up with a clever hack to set this env var in a persistent way
that we haven't thought of, or find some way to write a shim on the DNS
resolution filesystem socket to enforce what we want.

You could list this on a known issues or FAQ page, or in your bugtracker
I guess. Making root/UID 0 handle DNS is also a security risk, and I'm
very surprised the Android team thought this was a good idea. :/


Also looking forward to the "Logs" window doing something :)



-- 
Mike Perry

--8TaQrIeukR7mmbKf--

--===============8983774281038105860==--
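
An added example, not part of the original message and not orWall's code: a small Python audit that attributes outbound port-53 packets to their owning UID, showing why a per-app firewall cannot tie a lookup to an app when UID 0 performs the resolution. The log lines are constructed samples in the netfilter LOG format produced by a LOG rule with `--log-uid`; the `DNSAUDIT` prefix, addresses and UIDs are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = """\
DNSAUDIT IN= OUT=wlan0 SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TTL=64 PROTO=UDP SPT=41822 DPT=53 LEN=40 UID=0 GID=0
DNSAUDIT IN= OUT=wlan0 SRC=192.168.1.20 DST=203.0.113.7 LEN=60 TTL=64 PROTO=TCP SPT=50212 DPT=443 UID=10085 GID=10085
DNSAUDIT IN= OUT=wlan0 SRC=192.168.1.20 DST=192.168.1.1 LEN=58 TTL=64 PROTO=UDP SPT=39001 DPT=53 LEN=38 UID=10085 GID=10085
DNSAUDIT IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TTL=64 PROTO=UDP SPT=40110 DPT=53 LEN=40 UID=0 GID=0
DNSAUDIT IN= OUT=wlan0 SRC=192.168.1.20 DST=192.168.1.1 LEN=61 TTL=64 PROTO=UDP SPT=41823 DPT=53 LEN=41 UID=0 GID=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")
FIRST_APP_UID = 10000  # Android assigns application UIDs from 10000 upward


def parse_line(line):
    """Split a LOG line into KEY=VALUE fields, keeping the first of duplicates (LEN)."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)
    return fields


def dns_by_uid(log_text):
    """Count DNS packets leaving the device, grouped by socket-owner UID."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("DPT") != "53" or f.get("PROTO") not in ("UDP", "TCP"):
            continue
        if f.get("DST", "").startswith("127."):
            continue  # loopback resolver traffic never leaves the device
        uid = int(f["UID"]) if "UID" in f else None  # None: rule lacked --log-uid
        counts[uid] += 1
    return dict(counts)


def classify(uid):
    """Label a UID the way a per-app firewall policy would see it."""
    if uid is None:
        return "unknown"
    if uid == 0:
        return "root"  # lookup cannot be attributed to the requesting app
    return "app" if uid >= FIRST_APP_UID else "system"


if __name__ == "__main__":
    for uid, n in sorted(dns_by_uid(SAMPLE_LOG).items(), key=lambda kv: str(kv[0])):
        print(f"uid={uid} ({classify(uid)}): {n} DNS packet(s) off-device")
```

Packets counted under `root` are the ones a rule keyed on the app's own UID never matches, so they need a separate rule for UID 0.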

