This fixes it.
self.tor_status_code = str(self.tor_status_result[1])
Fixed.
Thank you so much for catching it and fixing it!
I also added some comments to clearly document the return type:
Would you please share your approach to intentionally making Tor not work so that we can test those unusual cases?
Thank you so much, Patrick!
We actually advertise in several places that user configurations should go to 50_user.torrc. Therefore, do you think it will be a good idea to ship an empty 50_user.torrc file? Or maybe even have some comments telling the user "Yes, this is the file you should use for your configuration."
I agree that we should have the separation.
My only concern is a user who asks for some torrc settings online, and someone provides a solution with "DisableNetwork 0" in it. Then the user happily copies it into 50_user.torrc. From then on, anon-connection-wizard will not control the disabling or enabling of Tor any more, since anon-connection-wizard writes to 40_.torrc which has lower priority than 50_.torrc.
Hi Patrick!
Do you mean anon-connection-wizard should parse all the torrc files like what the real Tor does and then give users a warning saying "DisableNetwork 0 is detected in torrc files which have higher priority than anon-connection-wizard, thus, anon-connection-wizard cannot decide the enable or disable of Tor"? Do I understand it correctly?
Just write garbage to /etc/tor/torrc or better any torrc.d file.
We mention it, yes.
Makes a lot of sense. I however wonder how to update any comment in future should that be required. Creation of the file if none exists should be alright with comments only.
That's a very valid concern. In these cases, anon-connection-wizard should detect the situation and report it. We might even break the separation, with an additional gui confirmation question?
The problem is, as far as I know, there is no comparable situation. Or do you know any applications where there are external configuration file generators and .d folders?
Yes.
The real question is how far can tools go? Should they edit any user config file if so requested no matter what?
Perhaps I am off the track with "don't edit some config files"?
Any other application that does this or anyone external who could advise?
From a usability point of view: the tool should understand all configs fully and do what the user demands. Unless there is some really special file (starting from certain numbers perhaps?) which really should be ignored by user request?
Patrick Schleizer:
That's a very valid concern. In these cases, anon-connection-wizard should detect the situation and report it. We might even break the separation, with an additional gui confirmation question?
When the user presses the connect or disable button in anon-connection-wizard,
I think anon-connection-wizard has already got the users' consent that
they REALLY want to enable or disable Tor. Therefore, I guess we may
break the separation without an additional GUI confirmation?
The problem is, as far as I know, there is no comparable situation. Or do you know any applications where there are external configuration file generators and .d folders?
I do not know any configuration files like that yet. I would like to ask
how Tails is going to use torrc.d.
Yes.
This will be a good solution, but reimplementing include line parsing in
anon-connection-wizard may be too much work for anon-connection-wizard?
(not too much work for developer as long as it is something worth
implementing.)
From a usability point of view: the tool should understand all configs fully and do what the user demands. Unless there is some really special file (starting from certain numbers perhaps?) which really should be ignored by user request?
Yes! This is exactly what I am thinking.
anon-connection-wizard will edit 40_anon_connection_wizard.torrc freely
and also 50_user.torrc just for the "DisableNetwork 0" line. This is
fair and reasonable enough considering it is the user who presses that
enable and disable button. anon-connection-wizard is just taking care of
what users want.
Or anon-connection-wizard can just use "DisableNetwork 0" in
40_anon_connection_wizard.torrc and it is users' responsibility not to
include "DisableNetwork 0" in any other torrc files. But this may be too
advanced for users.
What do you think?
Any other application that does this or anyone external who could advise?
Do you have any suggestion? I can definitely ask the question.
Patrick Schleizer:
Just write garbage to /etc/tor/torrc or better any torrc.d file.
Thank you for your suggestion!
We mention it, yes.
Makes a lot of sense. I however wonder how to update any comment in future should that be required. Creation of the file if none exists should be alright with comments only.
Great! For updating the comments in the file, can we update it with the
upgrade of its package? I can commit a
/usr/local/etc/torrc.d/50_user.torrc file. Is there anything else I
can do?
iry:
Patrick Schleizer:
That's a very valid concern. In these cases, anon-connection-wizard should detect the situation and report it. We might even break the separation, with an additional gui confirmation question?
When the user presses the connect or disable button in anon-connection-wizard,
I think anon-connection-wizard has already got the users' consent that
they REALLY want to enable or disable Tor. Therefore, I guess we may
break the separation without an additional GUI confirmation?
Yes.
The problem is, as far as I know, there is no comparable situation. Or do you know any applications where there are external configuration file generators and .d folders?
I do not know any configuration files like that yet. I would like to ask
how Tails is going to use torrc.d.
Ok.
Yes.
This will be a good solution, but reimplementing include line parsing in
anon-connection-wizard may be too much work for anon-connection-wizard?
(not too much work for developer as long as it is something worth
implementing.)
%include parsing is cool but also low priority since very advanced users
would do that only.
Also difficult and low priority: Qubes vs persistence. Standalone VM vs
TemplateBasedVM vs bind-dirs. Like most users would have /etc/tor/torrc
persistent in sys-whonix while /etc/torrc.d is non-persistent while
/usr/local/etc/torrc.d is persistent. Therefore changing DisableNetwork
0/1 in /etc/torrc.d would also be confusing. Not sure
anon-connection-wizard should deal with Qubes persistence anyhow.
From a usability point of view: the tool should understand all configs fully and do what the user demands. Unless there is some really special file (starting from certain numbers perhaps?) which really should be ignored by user request?
Yes! This is exactly what I am thinking.
anon-connection-wizard will edit 40_anon_connection_wizard.torrc freely
and also 50_user.torrc just for the "DisableNetwork 0" line. This is
fair and reasonable enough considering it is the user who presses that
enable and disable button. anon-connection-wizard is just taking care of
what users want.
40_anon_connection_wizard.torrc and 50_user.torrc only seems confusing
and inconsistent. Do you think you could handle DisableNetwork 0/1 in
all Tor config files /etc/tor/torrc /etc/torrc.d /usr/local/etc/torrc.d?
Do you think this is doable/realistic for Whonix 14?
Perhaps except for files containing readonly? Skipped for now. (And
later during anon-connection-development development reported only?)
Or anon-connection-wizard can just use "DisableNetwork 0" in
40_anon_connection_wizard.torrc and it is users' responsibility not to
include "DisableNetwork 0" in any other torrc files. But this may be too
advanced for users.
This goes back to your argument "what if the user copied/pasted from the
internet". But also this would be good enough for Whonix 14.
Any other application that does this or anyone external who could advise?
Do you have any suggestion? I can definitely ask the question.
No suggestion. Just wondering.
iry:
Patrick Schleizer:
Just write garbage to /etc/tor/torrc or better any torrc.d file.
Thank you for your suggestion!
We mention it, yes.
Makes a lot of sense. I however wonder how to update any comment in future should that be required. Creation of the file if none exists should be alright with comments only.
Great! For updating the comments in the file, can we update it with the
upgrade of its package? I can commit a
/usr/local/etc/torrc.d/50_user.torrc file. Is there anything else I
can do?
Debian packages are forbidden to write to /usr/local.
Another issue with that would be: Once users edit that file we get a
dpkg interactive conflict resolution dialog.
( Configuration Files - Kicksecure )
That's why I wonder how to update any comment in future should that be required. Something hard to solve. Also the reason why we want .d in
the first place.
Hi Patrick!
I did some testing and I think I have some findings now.
First, the default value of DisableNetwork is 0.
As per: How can we help? | Tor Project | Support
DisableNetwork 0|1
When this option is set, we don't listen for or accept any connections other than controller connections, and we close (and don't reattempt) any outbound connections. Controllers sometimes use this option to avoid using the network until Tor is fully configured. (Default: 0)
This means there is no difference between DisableNetwork 0 and #DisableNetwork 0.
Second, no matter the value of DisableNetwork is 0/1, when we want to
disable Tor, we can always disable it successfully without any complaint.
Third, the only problem is, when DisableNetwork 1 is the final value
which will be used by Tor, we will fail to start Tor (it totally makes
sense) and cause a crash on anon-connection-wizard.
If all my findings above are correct, I propose to at least partly
forget about the DisableNetwork in Whonix, including but not limited
to anon-connection-wizard and whonixsetup.
Since DisableNetwork 1 is not a value that is commonly found on the
internet, we may assume whoever uses this line has full understanding of
what it means. Thus, anon-connection-wizard does not take care of
prefixing # to all the DisableNetwork 1 lines.
Although DisableNetwork 0 is default, anon-connection-wizard may still
add DisableNetwork 0 to 40_anon_connection_wizard.torrc when Tor
will be enabled. Why? Because it will let Tor work even if there is a
DisableNetwork 1 in files which have lower priority than
40_anon_connection_wizard.torrc.
How do you like this proposal, Patrick?
Patrick Schleizer:
Debian packages are forbidden to write to /usr/local.
Another issue with that would be: Once users edit that file we get a
dpkg interactive conflict resolution dialog.
( Configuration Files - Kicksecure )
That's why I wonder how to update any comment in future should that be required. Something hard to solve. Also the reason why we want .d in
the first place.
I see. Then how about not shipping the 50_user.torrc?
And for better usability, we may use this comment in all the torrc:
## Do not edit this file!
## Please create and then add modifications to the following file instead:
## /usr/local/etc/torrc.d/50_user.torrc
iry:
I did some testing and I think I have some findings now.
To get a clearer picture, may I suggest to grep all of Whonix source code.
grep --exclude=README.md --exclude=GPLv2 --exclude=GPLv3 --exclude=COPYING --exclude=changelog.upstream-old1 --exclude-dir=mnt --exclude-dir=qubes-src/linux-template-builder/mnt --exclude=changelog.upstream --exclude-dir=.git --exclude-dir=chroot-debian --exclude-dir=chroot-jessie -r -i DisableNetwork
(The exclusion part grep --exclude=README.md --exclude=GPLv2 --exclude=GPLv3 --exclude=COPYING --exclude=changelog.upstream-old1 --exclude-dir=mnt --exclude-dir=qubes-src/linux-template-builder/mnt --exclude=changelog.upstream --exclude-dir=.git --exclude-dir=chroot-debian --exclude-dir=chroot-jessie is better as a wrapper.)
Basically grep -r -i DisableNetwork while ignoring all the irrelevant files.
First, the default value of DisableNetwork is 0.
It's true but not in case of Whonix.
DisableNetwork 0|1
When this option is set, we don't listen for or accept any connections other than controller connections, and we close (and don't reattempt) any outbound connections. Controllers sometimes use this option to avoid using the network until Tor is fully configured. (Default: 0)
This means there is no difference between DisableNetwork 0 and #DisableNetwork 0.
Whonix default DisableNetwork 0 in /usr/share/tor/tor-service-defaults-torrc makes the difference.
Second, no matter the value of DisableNetwork is 0/1, when we want to
disable Tor, we can always disable it successfully without any complaint.
Third, the only problem is, when DisableNetwork 1 is the final value
which will be used by Tor, we will fail to start Tor (it totally makes
sense) and cause a crash on anon-connection-wizard.
DisableNetwork 1 doesn't crash Tor. By the description that you posted...
When this option is set, we don't listen for or accept any
connections other than controller connections, and we close (and don't
reattempt) any outbound connections. Controllers sometimes use this
option to avoid using the network until Tor is fully configured.
(Default: 0)
It doesn't crash either. And if it did (which it doesn't), then it would
be a bug.
Perhaps double use of DisableNetwork 1 in
/usr/share/tor/tor-service-defaults-torrc as well as in a torrc.d file
causes a crash?
iry:
Patrick Schleizer:
Debian packages are forbidden to write to /usr/local.
Another issue with that would be: Once users edit that file we get a
dpkg interactive conflict resolution dialog.
( Configuration Files - Kicksecure )
That's why I wonder how to update any comment in future should that be required. Something hard to solve. Also the reason why we want .d in
the first place.
I see. Then how about not shipping the 50_user.torrc?
And for better usability, we may use this comment in all the torrc:
## Do not edit this file!
## Please create and then add modifications to the following file instead:
## /usr/local/etc/torrc.d/50_user.torrc
Ok.
Thank you so much for your guidance, Patrick!
I have created $HOME/bin/mygrep:
#!/bin/bash
grep --exclude=README.md --exclude=GPLv2 --exclude=GPLv3 --exclude=COPYING --exclude=changelog.upstream-old1 --exclude-dir=mnt --exclude-dir=qubes-src/linux-template-builder/mnt --exclude=changelog.upstream --exclude-dir=.git --exclude-dir=chroot-debian --exclude-dir=chroot-jessie "${@:2}"
I see. Whonix is adding DisableNetwork 1 to /usr/share/tor/tor-service-defaults-torrc probably because Whonix will try to auto-start Tor when whonix-gw is started. It makes a lot of sense.
That should just be "$@"
Double use of DisableNetwork 1 will not crash Tor. It will crash anon-connection-wizard when it wants to start Tor but it cannot find /run/tor/control. I will handle this error.
Hi Patrick! I have been thinking about this for a while.
I agree that modifying only 40_.torrc and 50_user.torrc is inconsistent. And it seems anon-connection-wizard will be too "powerful" if it also edits "/etc/tor/torrc /etc/torrc.d /usr/local/etc/torrc.d".
Therefore, here is my new proposal:
DisableNetwork 0 to 40_anon_connection_wizard.torrc when user hits connect button.
#DisableNetwork 0 (or nothing) to 40_anon_connection_wizard.torrc when user hits disable button.
DisableNetwork 1. In this case, anon-connection-wizard will tell user why Tor cannot be enabled and let user handle the DisableNetwork 1 themselves. Since DisableNetwork 1 is not a value that is commonly found on the internet, we may assume whoever uses this line has full understanding of what it means.
How do you like this proposal, Patrick?
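The precedence problem discussed in this thread, as an added example that is not part of the thread or of anon-connection-wizard's code: it reports which file's DisableNetwork line wins and which files read after 40_anon_connection_wizard.torrc override the wizard. It assumes the caller passes files from lowest to highest priority and that the last active line wins; the function names and sample contents are constructed, and %include lines are not followed.

```python
import re

# Active (uncommented) "DisableNetwork 0|1" line; option names are
# matched case-insensitively.
_OPT = re.compile(r"^\s*DisableNetwork\s+([01])\s*$", re.IGNORECASE)
WIZARD_FILE = "40_anon_connection_wizard.torrc"


def disable_network_settings(files):
    """Yield (path, value) for each active DisableNetwork line.

    `files` is a list of (path, text) pairs ordered from lowest to highest
    priority (assumed order: defaults file, torrc, then torrc.d files).
    """
    for path, text in files:
        for line in text.splitlines():
            m = _OPT.match(line.split("#", 1)[0])  # drop comments
            if m:
                yield path, int(m.group(1))


def effective_disable_network(files):
    """Return (value, path) of the winning setting; (0, None) if unset."""
    value, source = 0, None
    for path, v in disable_network_settings(files):
        value, source = v, path  # assumption: the last occurrence wins
    return value, source


def overrides_of_wizard(files):
    """Settings in files read after the wizard's own file."""
    names = [p for p, _ in files]
    # If the wizard file is absent, every file counts as an override.
    idx = next((i for i, p in enumerate(names) if p.endswith(WIZARD_FILE)), -1)
    later = set(names[idx + 1:])
    return [(p, v) for p, v in disable_network_settings(files) if p in later]


# Constructed sample: the wizard has disabled Tor, but a pasted line in
# 50_user.torrc re-enables the network behind its back.
SAMPLE = [
    ("/usr/share/tor/tor-service-defaults-torrc", "DisableNetwork 1\n"),
    ("/etc/torrc.d/40_anon_connection_wizard.torrc", "#DisableNetwork 0\n"),
    ("/usr/local/etc/torrc.d/50_user.torrc",
     "# pasted from a forum answer\nDisableNetwork 0\n"),
]

if __name__ == "__main__":
    print(effective_disable_network(SAMPLE), overrides_of_wizard(SAMPLE))
```

A non-empty result from overrides_of_wizard is the situation the wizard would report to the user instead of editing 50_user.torrc itself.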