Gentoo Forums
More non-Decryptables (from Mozilla Cloud)
miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Fri Nov 27, 2015 10:52 am    Post subject: More non-Decryptables (from Mozilla Cloud)

title: More non-Decryptables (from Mozilla Cloud)
---
I have a miniature:

http://croatiafidelis.hr/foss/cap/cap-151125-plus-cert/

which is not very difficult to inspect, with the use of my
script:

Code:

tshark-streams.sh

(which is commented with enough instructions even for newbies) currently on:

http://www.CroatiaFidelis.hr/foss/cap/cap-150927-TLS-why-js/Add-151119/

or to inspect it in other ways. The 17 not-too-complex streams being the quantity and quality of what, in the first place that traffic dump in there contains, is not so very very much even for clicking through and saving them for inspection, with Wireshark.

I have been gripped (since long) by the just (and difficult to truly accomplish) desire to control my machine fully when I go online.

I have found a lot of help from Gentoo as the leader in hardening, in achieving that, and still hope to get more help, also from the voiced support here on Gentoo Forums (and I also hope to be of help myself to other Gentoo users). The huge help was by the paramount, near-perfectly hardened architecture of Gentoo, which is a non-interactive, not-much-voiced (or -written as in Forums) help/support, but is the intrinsic support.

To explain this quest of mine, and for you the reader to see if you can help, for you to see the issues without the unraveling of which I can't solve my quest, download the files from the miniature cap-151125-plus-cert/ directory (in the link at the top).

It contains a few files.

The screencast of duration 0:02:01:

Screen_151125_1447_g0n.mkv

, best viewed quickly (at higher speed, say in mplayer) as its information is of marginal importance. Still, it's good to know that no other link whatsoever has been user-requested, id est: by me, other than that one you can see there "https: //www .rovis.org /cpanel" (the whitespaces in the link are there so that it should not be clickable here. It is a user's, mine, address to access my CPanel at my hoster).

Really it is pretty unimportant, even the scary "This Connection is Untrusted", as what I seek help about is in the traffic dump.

To be able to see what is in the traffic dump, in case you are a newbie, or an advanced user who hasn't gotten into SSL decryption before, I apologize but I have no better link to offer you, as it contains other necessary links (importantly links to knowledge of not mine publishing), but the somewhat, by predominantly of my own clumsy writing:

SSL Decode & My Hard-Earned Advice for SPDY/HTTP2 in Firefox
https://forums.gentoo.org/viewtopic-t-1029408.html

To follow this topic, you need to be able to install the:

dump_151125_1447_g0n_sesskeys.txt

and set the $SSLKEYLOGFILE environment variable. Pls. read there, you can not follow further without that set.

Then only comes the traffic dump with the problem, that I seek help about, in it. The problem is in the decrypted SSL stream 14, and that stream can not be decrypted if the session keys are not seen by Wireshark installation (and by its part: tshark).

They must be there for Wireshark, the session keys which were used for that miniature of 17 network conversations, which all happened almost two days ago now, when I connected my machine to the internet and I got online with virgin (see below) Firefox.

The traffic dump is:

dump_151125_1447_g0n.pcap

and now you should be able to, maybe best (if you downloaded my tshark-streams.sh), run (empty dir with perms, copy or move the PCAP in it, et cetera):

Code:

$ tshark-streams.sh dump_151125_1447_g0n.pcap "tcp.stream eq 14"


(If you're curious how a single tshark-streams.sh run can get all the streams out for you, issue:
Code:

$ tshark-streams.sh dump_151125_1447_g0n.pcap

and all 17 streams will be taken out, fourfold, tcp: ascii and raw, and ssl: ascii and raw).

In comparison with:

Mozilla Cloud non-Decryptable Download?
https://forums.gentoo.org/viewtopic-t-1031758.html

I have less ground to cover, as I had been given the right advice by a Mozilla developer in that topic:

https://forums.gentoo.org/viewtopic-t-1031758.html#7835876

with the link to Andrew Sutherland's reply (which I'm also reproducing here):

https://groups.google.com/d/msg/mozilla.dev.security/abSHPU4EaP8/9NitJEGICAAJ

Andrew Sutherland wrote:

It's likely a MAR file. If it is, the file header should start with the magic keyword "MAR1". See https://wiki.mozilla.org/Software_Update:MAR for more details and a link to a file at the bottom that understands them.

You make reference to a "GET" inside the HTTPS data-stream. It may be worth manually downloading that URL separately using wget/curl/other and seeing what is extracted from that. It's possible that in the hexediting you extracted part of the framing around the file, and this would likely help shed light on that. Alternately, from brief searching, it sounds like wireshark should already be able to save the decompressed content streams from HTTP via "File -> Export Objects -> HTTP"?


"It's possible that in the hexediting you extracted part of the framing around the file, and this would likely help shed light on that." sounds still somewhat unclear to me. Still (after reading this kind advice carefully at different times).

The saving of "the decompressed content streams from HTTP via "File -> Export Objects -> HTTP"?" I didn't quite get. (Note at proofreading time: I did get it as I was writing, see the next post.)

I have studied the Mozilla Wiki MAR page, and from then on I have in my machines scripts dir, the /usr/local/bin/, that mar.py script (from the link in the bottom of that wiki page) available. And I know how to use it. And I can recognize Mozilla archive files by the MAR1 string when I open streams in hexedit.

When considering the non-decryptables(?) in ssl stream 14 of my miniature, I remembered the advice (gotten in that previous, temporarily abandoned, quest-topic) to try and get the data in question from the link in the "\"GET\" inside the HTTPS data-stream".

I can start from those. Then my dilemma for which I need solution will be clearer. Not a matter that can be asked so very quickly. Quickly is how the data travels in the network. Not the analyzing of it.

For that asking, I need at least?, or maybe only just?, one more post.

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Fri Nov 27, 2015 11:11 am

Continuing, but for possible Mozilla experts that may have parachuted into this topic, all the information necessary to follow this second part is at:

http://www.croatiafidelis.hr/foss/cap/cap-151125-plus-cert/

(and the possible Mozilla experts who will hopefully be reading this, bear with me and skim more quickly through the slow explaining for non-experts; thank you!)

Not for all issues am I able to use tshark yet.

In Wireshark, open the dump_151125_1447_g0n.pcap (which is in that previously empty dir with perms et cetera).

Type or paste, in the filter, this string:

Code:

tcp.stream eq 14

and hit Enter.

And while looking at what options I have under File menu, I understood what, as I explained in the previous post in this topic, the kind Mozilla dev (obviously an old guard, or in the tradition of the Old Guard Mozilla), wrote about exporting objects. (Questioning correctly helps solving.)

So: File > Export Objects > HTTP...

and a window with "Wireshark - Export - HTTP object list" in its title at the top, opens.

It contains a list of (all the) objects from the dump.

You can then choose to save all or save a particular one from that list. Save them in a directory you create for that purpose:

dump_151125_1447_g0n_s014-O-W/

("-O" for objects, "-W" for Wireshark; ;-) this could be done with tshark, but that is not in my knowhow at this time)

The important ones that I want to know about are listed as:

Code:

440    tracking-protection.cdn.mozilla.net    application/octet-stream        54kB    1445465225
767    tracking-protection.cdn.mozilla.net    application/octet-stream       307kB    1446507423

They are at their place in that numerically ordered list in that window, and measure, in tens of kB.

Another thing to do is:

File > Export Packet Dissections > As Plain Text

and keep selected (All packets), (Displayed) where it'll show you 408 the number of packets, (Summary line), (Details) and select (All expanded),

and save as:

dump_151125_1447_g0n_s012-dissect-e-W.txt

('-W' for Wireshark, '-e' is for extended.)

It's a huge text file:

Code:

$ ls -l dump_151125_1447_g0n_s012-dissect-e-W.txt; ls -lh dump_151125_1447_g0n_s012-dissect-e-W.txt;
-rw-r--r-- 1 miro miro 1741877 2015-11-27 06:44 dump_151125_1447_g0n_s012-dissect-e-W.txt
-rw-r--r-- 1 miro miro 1.7M 2015-11-27 06:44 dump_151125_1447_g0n_s012-dissect-e-W.txt
$

If you grep it for:

Code:

$ grep "Full request URI" dump_151125_1447_g0n_s012-dissect-e-W.txt
    [Full request URI: https://tracking-protection.cdn.mozilla.net/mozstd-track-digest256/1445465225]
    [Full request URI: https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1446507423]
$

and if you wget those (at least I was able to, yesterday):

Code:

wget -nc https://tracking-protection.cdn.mozilla.net/mozstd-track-digest256/1445465225
wget -nc https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1446507423

they downloaded, for me (and they downloaded exactly those two objects that I was able to export with Wireshark).

But this, yesterday, resulted with:
Code:

wget -r https://tracking-protection.cdn.mozilla.net/
HTTP request sent, awaiting response... 403 Forbidden

so no new piece of information was I able to glean that way.

Also, opening both those objects previously saved into files: 1445465225 and 1446507423 in hexedit and searching for MOZ1 in ascii, does not come up with any finds. So those are not Mozilla archives, at least not complete with the header and all.

Now I believe my dilemma, my quest, my questions are easy to clearly formulate (and it is so even for hard-working newbies who followed and studied what they needed to):

What are those two files, and how do I decrypt them to see their content, or if they are some binaries, to know what programs are they part of, and what exact (names and paths) of binaries are they, if that is the case, part of?

Or if they are something else, what exactly, and what their purpose is to be downloaded into my system? And where are they now in my system?

The exact addresses of these two replies from the "Mozilla Cloud non-Decryptable Download?" topic/ML-thread are currently unknown to me, because I wouldn't be able to keep my Firefox virgin from online if I tried to search for them, and Dillo can not view the google groups, as those are done by some (mild words here but I feel angry) special standards (for only big, ..., browsers), but they are in the follow-up to my query to Mozilla dev-security list, which you should find (I wasn't able either to download it with wget, but I had posted it at https://forums.gentoo.org/viewtopic-t-1031758.html#7835698 and I check every link carefully when I post).

And my query to Mozilla dev-security list to which the replies are in the follow-up, starts at:

https://groups.google.com/d/msg/mozilla.dev.security/abSHPU4EaP8/s-5UMFJsCAAJ

So, looking up a previous reply on :
Julien Vehent wrote:

Your PCAP indicates the source IP is a cloudfront endpoint, which we use to distribute updates, tracking protection, addons and so on. None of those binaries are encrypted, only the transport is secured with TLS, so if you get the cleartext traffic you'll obtain the cleartext binary.

I can see that those two files are from "tracking protection", but I really don't see that they are anything decryptable, as Julien says they should be.

Julien had also written in his next reply:
Julien Vehent wrote:

I'm not familiar with gzip's internal, but I can only imagine that the "encryption" error is a misreading of the file. Maybe you're missing chunks? Maybe your extraction process corrupted the data?

The entire traffic dump is pretty clean, and I'm not an expert, but it doesn't seem to me there are any anomalies detected by Wireshark in the capture. No errors whatsoever...

It may even be that they are some SHA256 sums? Saying that because there is the '-digest256/' in the uri from which they were GET'ed. But if they are SHA256, hashes of what are they?

Also worth telling is, that I do not have any safe-browsing, any tracking or phishing protection or whatever those are called, I don't have any of those enabled in my Firefox. It will be seen in today's screencast and traffic dump, which I plan today, with virgin Firefox, from my Air-Gapped machine, from near-absolutely clean, no influence from online possible in it.

Why then, and also how did this come to be triggered? From where? Automatically, or set by some particular program for some particular purpose as, say, on some particular fraction of the Firefox users which include me, because of some reason, whichever that it be, by the huge harvester programming interfaces at those locations where special clearance only gets any professionals allowed (virtually or even physically) in?

I'll be trying to log in to my account at my hoster's, which I haven't been able to do in nearly half a year.

I wouldn't have been able to try anything that would get me any results previously, as I believed up unto recently, that SSL can not be decrypted by mere users.

In the new screencast and traffic dump (which at the time of this writing do not exist yet, but are only planned), I will first show my Firefox settings, where no phishing protection, or tracking protection, or safe browsing or such, are enabled at all.

I will also, in the next post, or another topic, explain how my Firefox will be "virgin", that is: untouched from online, which I will try the aforementioned login with.

And in the meantime, I will also try to ask at mozilla.dev.security mailing list about those two files, what they are.

Kind regards!
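
Added example, not part of the post above and not code from Mozilla or from the poster's scripts: a sketch of the identification step the post attempts by hand in hexedit. It checks a saved HTTP object for the "MAR1" magic named in Andrew Sutherland's quoted reply and for gzip, tries a hash-list framing, and measures byte entropy, which for packed SHA-256 digests is as close to 8 bits per byte as it is for ciphertext. Assumptions: the `a:<chunk>:<hash length>:<body length>` header layout, the hashing of `host/path` expressions, and every sample value (constructed `.example` hosts, chunk number 1001) are illustrative and not taken from this page.

```python
import hashlib
import math
import re
from collections import Counter

MAR_MAGIC = b"MAR1"       # magic keyword named in the reply quoted in this thread
GZIP_MAGIC = b"\x1f\x8b"  # standard gzip member header
# ASSUMPTION (not stated on this page): the list is framed as a Safe Browsing
# v2 style add chunk, "a:<chunk number>:<hash length>:<body length>\n" + body.
CHUNK_HEADER = re.compile(rb"a:(\d+):(\d+):(\d+)\n")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (ciphertext-like)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def parse_digest_chunk(blob: bytes):
    """Return (chunk_number, digests) or None when no chunk header is present.

    Raises ValueError when the header is there but the body is short or not a
    whole number of digests, which is what a truncated export looks like.
    """
    match = CHUNK_HEADER.match(blob)
    if match is None:
        return None
    chunk_no, hash_len, body_len = (int(g) for g in match.groups())
    body = blob[match.end():match.end() + body_len]
    if hash_len == 0 or len(body) != body_len or body_len % hash_len:
        raise ValueError("chunk body is truncated or misaligned")
    digests = [body[i:i + hash_len] for i in range(0, body_len, hash_len)]
    return chunk_no, digests


def classify(blob: bytes) -> dict:
    """Identify a saved HTTP object by magic bytes and framing, not by eye."""
    report = {"size": len(blob), "entropy": round(shannon_entropy(blob), 2)}
    if blob.startswith(MAR_MAGIC):
        report["kind"] = "mar"
    elif blob.startswith(GZIP_MAGIC):
        report["kind"] = "gzip"
    else:
        try:
            chunk = parse_digest_chunk(blob)
        except ValueError:
            report["kind"] = "truncated-digest-list"
            return report
        if chunk is None:
            report["kind"] = "unknown"
        else:
            report["kind"] = "digest-list"
            report["chunk"], report["entries"] = chunk[0], len(chunk[1])
    return report


def lists_expression(digests, expression: str) -> bool:
    """ASSUMPTION: entries are SHA-256 digests of 'host/path' expressions."""
    return hashlib.sha256(expression.encode("ascii")).digest() in set(digests)


def build_sample_chunk(expressions, chunk_no: int) -> bytes:
    """Build constructed sample data; this is not a real Mozilla list."""
    body = b"".join(hashlib.sha256(e.encode("ascii")).digest() for e in expressions)
    return b"a:%d:32:%d\n" % (chunk_no, len(body)) + body


# Constructed hostnames under the reserved .example TLD.
SAMPLE_EXPRESSIONS = ["tracker%03d.example/" % i for i in range(200)]
SAMPLE_CHUNK = build_sample_chunk(SAMPLE_EXPRESSIONS, 1001)

if __name__ == "__main__":
    print(classify(SAMPLE_CHUNK))
    print(classify(SAMPLE_CHUNK[:-5]))      # cut short, as a bad export would be
    print(classify(b"MAR1" + bytes(12)))
    _, digests = parse_digest_chunk(SAMPLE_CHUNK)
    print(lists_expression(digests, "tracker007.example/"))
    print(lists_expression(digests, "unlisted.example/"))
```

A digest list cannot be "decrypted" into names; it can only be tested against candidate names, which is what `lists_expression` does.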

John R. Graham
Administrator

Joined: 08 Mar 2005
Posts: 10459
Location: Somewhere over Atlanta, Georgia

Posted: Fri Nov 27, 2015 11:16 am

Moved from Networking & Security to Off the Wall. Not really a support request nor really about Gentoo so it fits better here.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Fri Nov 27, 2015 11:55 am

I have sent an enquiry to:

Mozilla dev-security
(the archives being at:)
http://groups.google.com/group/mozilla.dev.security

I can't yet check if it arrived, since I want to try the more complex login with Firefox, for which I really want to start with a "virgin" Firefox install (not modified in any way from online).

But it ought to be a follow-up in the same thread, after:

Andrew Sutherland's reply in the thread:

Mozilla Cloud non-Decryptable Download?
https://groups.google.com/d/msg/mozilla.dev.security/abSHPU4EaP8/9NitJEGICAAJ

Regards!

energyman76b
Advocate

Joined: 26 Mar 2003
Posts: 2045
Location: Germany

Posted: Fri Nov 27, 2015 8:03 pm

John R. Graham wrote:
Moved from Networking & Security to Off the Wall. Not really a support request nor really about Gentoo so it fits better here.

- John


oh well... thanks a lot. Really. I mean it. *sigh*
_________________
Study finds stunning lack of racial, gender, and economic diversity among middle-class white males

I identify as a dirty penismensch.

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Sun Nov 29, 2015 12:36 pm

For my query, I have received prompt and very instructive replies from two Mozilla developers.

For all the links below, the subject of the thread is:

Mozilla Cloud non-Decryptable Download?

Andrew Sutherland's reply:
https://groups.google.com/d/msg/mozilla.dev.security/abSHPU4EaP8/8010PZ5sCQAJ
[*]

Francois Marier's reply:
https://groups.google.com/d/msg/mozilla.dev.security/abSHPU4EaP8/V5TQb7VtCQAJ
[**]

In my reply I thanked them and promised I would study the links, and the instructions, given:

https://groups.google.com/d/msg/mozilla.dev.security/abSHPU4EaP8/Zeebr1SLCQAJ
[***]

along with telling them of more troubles in the topic:

Firefox Login Failures
https://forums.gentoo.org/viewtopic-t-1034152.html

, truly unknown at this time, for that topic, if related or not with either this one that you are reading:

More non-Decryptables (from Mozilla Cloud)
https://forums.gentoo.org/viewtopic-t-1034140.html

or the previous one:

Mozilla Cloud non-Decryptable Download?
https://forums.gentoo.org/viewtopic-t-1031758.html

---
I'm curious to know if the new google groups interface, which, for my browsing (surely only with one of the big browsers, Google wouldn't allow my Dillo, nor my Wget, to open, or respectively, download these pages)...

[I'm curious to know if the new google groups interface, which, for my browsing] consists in turning, in the address bar, the above links into strict some-kind of google-own-javascript-powered urls straight upon being opened, is what happens in mandatory ways in other places as well.

I remember back a few years ago now, that the choice was offered to stay with the old, normal-HTTP-urls in the address bar interface.

But now the links above turn willy-nilly (no choice offered to stay with the old interface in Croatia), into google-own-javascript-powered url.

Those above, turn into these (in Croatia) (you can only paste those in, and remove the space after https: when doing so, else, the link remains in phpBB to only part of the complete link):

[*] turns into:
https: //groups.google.com/forum/#!msg/mozilla.dev.security/abSHPU4EaP8/8010PZ5sCQAJ

[**] turns into:
https: //groups.google.com/forum/#!msg/mozilla.dev.security/abSHPU4EaP8/V5TQb7VtCQAJ

[***] turns into:
https: //groups.google.com/forum/#!msg/mozilla.dev.security/abSHPU4EaP8/Zeebr1SLCQAJ

Is that so, in such mandatory way, in other places? That is what I would like to know.

Also, there is no way to get the normal particular url links for each of the messages (those that I gave first, in the top) other than from the javascript little menu, which is at the height of the start of each particular message, but on the right side of the Firefox window (the small triangle with the edge looking down).

And since this question of mine is a subtopic, I hope that I'll be allowed to leave this subquery in its own post (for even splitting apart and away from this More non-Decryptables (from Mozilla Cloud), link already given above, if needed)...

...And write more in a new post regarding the kind replies that I got from Mozilla developers.

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Sun Nov 29, 2015 4:47 pm

If developers like Andrew Sutherland and François Marier are allowed their ways, there is a lot of hope for Mozilla.

I have to say that I have been honored to have corresponded with these developers.

And I am really glad to have been this close to the bleeding edge of development, as far as a non-expert but somewhat advanced user that I am, could possibly be.

Here are their replies, so people who want normal browsing without google groups shebang in the links (if the case described in the, currently at least, immediately previous post of mine to this, is such in other places as well), can read their kind replies to my query.

Mozilla developer Andrew Sutherland wrote:

On Fri, Nov 27, 2015, at 06:46 AM, miro.rovis@... wrote:

previously deployed, which is there to download), the two files, both
from:

https://tracking-protection.cdn.mozilla.net/mozstd-track-digest256/

It can be seen that they are not MOZ1; again, when SSL decrypted (no
MOZ1 to be found with hexedit).


See
https://feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox/
for a description of the underlying tracking protection implementation
and links to a script that can help you dump and analyze these files.
(And links to other info too.)


And,
Mozilla developer François Marier wrote:

On 27/11/15 03:46 AM, miro.rovis@... wrote:

https://forums.gentoo.org/viewtopic-t-1034140.html#7847334

But in short: if these are legitimate, what are they, and where are they
now in my system.


The small one is the tracking protection blacklist
(mozstd-track-digest256) and the larger one is the entity whitelist
(mozstd-trackwhite-digest256).

You can find more info about these lists here:

https://wiki.mozilla.org/Security/Tracking_protection#Lists

Quote:

(Also why any "tracking protection" when I don't have it in my Firefox
settings?)


They are downloaded if one (or both) of these prefs is turned on:

privacy.trackingprotection.enabled (default: false)
privacy.trackingprotection.pbmode.enabled (default: true)

Francois

Do enable those! And read on!

I studied these links given, but only after I searched duckduckgo.com and found the following article on tracking protection did it dawn on me, that the good developers, in the Old Mozilla Guard tradition, who care for users, and don't sell them, may be having a come back!

See this article for yourself (just don't be misled by the title, the tide seems to have turned, exactly with the currently latest Firefox 42.0):

Mozilla appears to abandon Firefox tracking protection initiative: Is privacy protection impossible?
http://www.zdnet.com/article/mozilla-abandons-firefox-tracking-protection-initiative/

The article is by Ed Bott, an expert on Windows (but who does not endorse Microsoft in any way), but who, instead, has:
Ed Bott wrote:

been pounding the table about privacy for years, long before Ed Snowden appeared on the scene.


And for completeness, these Mozilla guys do exactly the thing that even advanced users like me have been crying out to be done... Really disable tracking in Firefox!

I would have liked to make a few more remarks (I'm editing this post for the first time), but I've only started familiarizing with what the Good Old Guard Mozilla developers are doing as the tide is turning in users' favor... The links Andrew and François gave and the Ed's article, however, are a very rich resource for true *nix lovers and enthusiasts that many of us in Gentoo community are... So...

Just have a look at what is being disconnected, the trackers that are being disconnected when you have Tracking Protection on, at:

https://disconnect.me/trackerprotection/blocked

Some of the great great entries ;-) ;-) ;-) are:

Code:

facebook.com

<you-name-it>.google.com

<a-few-of>.akamai.com

and I'm sure you'll find many others ;-) ;-) ...

A word of caution. The tide could turn against us the users' benefit... You never know... But, spread the word that good things are now in Firefox...

And, well, myself... I need to study more. (Reading the network gets you even huge books per few seconds, very often, brother in *nix!)

It's a real pity this topic is undeservedly thrown into Off the Wall, as users may have trouble finding this information. IMO, this is a serious topic in which I haven't really failed in any way, to my best human efforts, and it should be in the Network and Security section. But I'm complying, I'm not more of a rebel than I need to be.

Regards!


Last edited by miroR on Sun Nov 29, 2015 8:49 pm; edited 2 times in total

John-Boy
Guru

Joined: 23 Jun 2004
Posts: 442
Location: Desperately seeking moksha in all the wrong places

Posted: Sun Nov 29, 2015 4:49 pm

miroR wrote:
I'm not more of a rebel than I need to be.


Gladiators ... could be a bit on the rebellious side you know.
_________________
Like the Roman, I seem to see "the River Tiber foaming with much blood"

energyman76b
Advocate

Joined: 26 Mar 2003
Posts: 2045
Location: Germany

Posted: Sun Nov 29, 2015 9:08 pm

How long until he realizes that nobody gives a shit?
_________________
Study finds stunning lack of racial, gender, and economic diversity among middle-class white males

I identify as a dirty penismensch.

pjp
Administrator

Joined: 16 Apr 2002
Posts: 18558

Posted: Sun Nov 29, 2015 9:29 pm

energyman76b wrote:
How long until he realizes that nobody gives a shit?
I've wondered if it could be useful information. But since he seems to lack interest in informing people about the what and why he is writing, it seems nonsensical. I'm not going to try reading it all to decipher the point and context.
_________________
Your lips move, but I can't hear what you're saying.

Bones McCracker
Veteran

Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.

Posted: Mon Nov 30, 2015 12:49 am

Knock knock.

Wake up, Neo.





Just kidding. I only read your first couple of posts, but I would think this is part of the new "tracking protection" functionality just rolled out by firefox. You should ask Monica Chew about it. Here is a briefing on it:

From a while back (you can probably skip the background crap and go to 11:35):
https://air.mozilla.org/tracking-protection-for-firefox/

From a few days ago:
https://air.mozilla.org/november-privacy-lab-tracking-protection/
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6715

Posted: Tue Dec 01, 2015 12:39 am

energyman76b wrote:
How long until he realizes that nobody gives a shit?

He's been at it for well over half a decade at this point. I don't think his brain's wired in a way that *allows* him to realize that.

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Sun Dec 06, 2015 2:52 pm

( And I saw the other comments. )
pjp wrote:
energyman76b wrote:
How long until he realizes that nobody gives a shit?
I've wondered if it could be useful information.

I thought I reached to some conclusion there, and I still think so.
pjp wrote:
But since he seems to lack interest in informing people about the what and why he is writing, it seems nonsensical. I'm not going to try reading it all to decipher the point and context.

I haven't ever been able to attend daily at these forums. (And it's unlikely that I will ever be daily regularly attending. See below.)

I posted that post with the replies from Mozilla devs, and I actually logged in, IIRC, a few hours later. Your post wasn't there yet. I would have replied to you.

But there was nothing but the first post after that post of mine, which that first post has nothing to do with the topic.

The first post that has to do with the topic is by Cracker:

https://forums.gentoo.org/viewtopic-t-1034140.html#7848246

But this is the first time I logged in since I left back then. And I'm here to reply.

I used to think you, pjp, wouldn't dismiss me so quickly.

If I hadn't already, and were only now to, these days, to write the post (which I hope you remember was reported, and which you approved to remain):

Why is Gentoo not switching to systemd?
https://forums.gentoo.org/viewtopic-t-998108-start-300.html#7624042

(and the #7624044 right underneath), could I do it, now that I seem to maybe have even you against me?

In the dumps given at the start of the topic or so, all the tls/ssl streams are perfectly decryptable, but just those two files are not. All can be checked. And then the Mozilla devs told me what they are. So all, the dump, and the screencast, adds up with their info.

But sure this is not something even advanced users can do in half a minute, it's reading the network...

(And I myself am probably the slowest among you to get to fully understand many of those intricacies. Too old to get it fast and without much effort.)

Let alone that I'm often confined to bed because of poor health. But don't take that as an excuse, since I can still grasp most of the replies, even in jargon, and reply where needed and where I make it in time (like I didn't make it in time, or something else was the matter, in the Undecipherable posts and a call for moderator action (for which I thank whoever returned to it that original title by Akkara, as, for at least a few days, it bore the title, to the effect of "...miroR's universe...")

But I need more time to see what Cracker meant in his post. Because I'm struggling with Cinelerra (revamped and available since a few months ago:

http://cinelerra.org/2015/index.php/2015-03-03-21-28-12/newsletter

but not available in Gentoo (not even testing ~amd64 as mine)

https://packages.gentoo.org/packages/media-video/cinelerra

at this time).

Regards!


Last edited by miroR on Sun Dec 06, 2015 3:27 pm; edited 1 time in total

asturm
Developer

Joined: 05 Apr 2007
Posts: 7962
Location: Austria

Posted: Sun Dec 06, 2015 3:10 pm

whatever.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
Bones McCracker
Veteran
Veteran


Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.

PostPosted: Sun Dec 06, 2015 5:23 pm    Post subject: Reply with quote

I am sorry to learn that miroR is often confined to bed with poor health, and I hope he recovers soon.
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.

pjp
Administrator

Joined: 16 Apr 2002
Posts: 18558

Posted: Mon Dec 07, 2015 2:26 am

miroR wrote:
I seem to maybe have even you against me?
I'm not against you, I just can't make much sense of your postings. Something similar to writing an informative essay would probably help. Or maybe it is just a language barrier. Best of luck!
_________________
Your lips move, but I can't hear what you're saying.

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Mon Dec 07, 2015 4:31 am

pjp wrote:
miroR wrote:
I seem to maybe have even you against me?
I'm not against you,

Thanks for replying. And I trust your words.

But I would have liked if you answered my question if that post (deemed a "whatever" by genstorm) in Why is Gentoo not switching to systemd? would have been possible. Would you still allow it?

Remember I gave pretty long exposé there where I took previously cited Christopher Barry's Open letter to the Linux World to stress that systemd was about surveillance (and so was/is dbus, their sine-qua-non for full and comfortable deployment).

And where I recalled the forgotten episode where one of the top brains on Linux security, Bradley spender Spengler, the grsecurity developer, and others, told what LSM was about, that it was created and designed to take in the NSA's SELinux (which is still massively deployed in newbies FOSS Linuces generally; Is it so in Gentoo as well? Is it recommended in Gentoo such as it is in Debian (but won't be in Devuan, where newbies, yes: newbies, are offered to go without even dbus, and that has happened also because of my influence)? Are newbies at least told a word of caution along?...)...

And where I recalled the forgotten episode that can be read straight in the link from my signature ever since soon after then, in all my posts (rootkit hooks in kernel)? Along with the link that khayyam didn't get to in the Uninstalling dbus and *kits (to Unfacilitate Remote Seats) (the linux capabilities for intrusion?, but tried instead to explain how Descartes' demons were doing the bind mount[ing of] a new filesystem over an existing one to backdoor any binary on the system, in the Torvalds Linux of today), and from then later has been trying to prove me wrong wherever he can...

pjp wrote:
I just can't make much sense of your postings. Something similar to writing an informative essay would probably help. Or maybe it is just a language barrier. Best of luck!


No. This is a concrete technical query. Is there really nobody who downloaded the tiny samples from:

http://croatiafidelis.hr/foss/cap/cap-151125-plus-cert/

and tried and verified, with or without my tshark-streams.sh script (just as I clearly and slowly explained at the start of the topic), how all the tls/ssl streams are decryptable just not those two streams (other than the two Mozilla devs on the Mozilla dev-security mailing list)?

Doesn't it ring at least a bell or two that Cracker, a pretty difficult person for me (no, I don't trust his sudden kindness, thank you!, but it's fine), decided to take a look at what I was so content about, and took out, or expanded upon, from the links that I gave, how my found, in this concrete technical query, ended up in truly discovering Mozilla's, it seems to me, true and revamped push for privacy?

And this concrete technical query would take unnecessarily too ample time if I did the quest on the Mozilla ML, but, just as you wrote when you allowed the posts that now probably wouldn't be allowed, and the sequence, this query, just like those posts were, is IMO fit for forums.

Such a broader quest as can be found in this topic, a search for solution from even vague premises, should be fit for forums, shouldn't it?

I'll put in the links, and if necessary add a few more words, or do so in a later post in this topic (and then link to that future local link), to explain how the no-dbus way offered in Debian, is also because of my influence, when I find the resources of time and well-being to be able to do so.

Regards! And thanks, pjp.

Akkara
Administrator

Joined: 28 Mar 2006
Posts: 6702
Location: &akkara

Posted: Mon Dec 07, 2015 7:37 am

Split some unhelpful posts to here

Please, let's try to keep it reasonable. There's already communication difficulties going on, there's no need to make it worse. No one's against you, miroR. It's just the way you write is not easy for many of us to understand.

_________________
Many think that Dilbert is a comic. Unfortunately it is a documentary.

pjp
Administrator

Joined: 16 Apr 2002
Posts: 18558

Posted: Tue Dec 08, 2015 3:19 am

miroR wrote:
But I would have liked if you answered my question if that post (deemed a "whatever" by genstorm) in Why is Gentoo not switching to systemd? would have been possible. Would you still allow it?
What is the question? I don't see a specific question in that post, or a reference to genstorm on that page.

miroR wrote:
Remember I gave pretty long exposé there where I took previously cited Christopher Barry's Open letter to the Linux World to stress that systemd was about surveillance (and so was/is dbus, their sine-qua-non for full and comfortable deployment).
systemd is way outside the topic of this thread. In general, if you don't like it, don't use it.

miroR wrote:
pjp wrote:
I just can't make much sense of your postings. Something similar to writing an informative essay would probably help. Or maybe it is just a language barrier. Best of luck!


No. This is a concrete technical query.
Please revisit the link and consider it. If you have a query, I'm sorry, but I STILL do not have a clue what that query is.
_________________
Your lips move, but I can't hear what you're saying.

Navar
Guru

Joined: 20 Aug 2012
Posts: 353

Posted: Tue Dec 08, 2015 6:01 am

The title is apt. Can you give a 1-2, maximum 4, sentence synopsis without web links?

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Mon Dec 21, 2015 11:38 am

pjp wrote:
miroR wrote:
No. This is a concrete technical query.
Please revisit the link and consider it. If you have a query, I'm sorry, but I STILL do not have a clue what that query is.


Navar wrote:
The title is apt. Can you give a 1-2, maximum 4, sentence synopsis without web links?


I'll try and be around these hours. And will try and reply to the above.

cokey
Advocate

Joined: 23 Apr 2004
Posts: 3343

Posted: Mon Dec 21, 2015 3:11 pm

Ok, let's start again.

a) What are you trying to achieve?

b) How are you trying to achieve it?

c) What is going wrong?

d) What results did you expect to see?
_________________
"Sex: breakfast of champions" - James Hunt

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Mon Dec 21, 2015 4:37 pm

This reply I need to post, else some people would tell I procrastinate.

I haven't been able to verify parts of it, however, and to do so, I need to go through the entire technical content, as at this time, I don't remember the details... That is probably not just a half hour work, but probably (much?) more. (Try for yourself is it or not, go download and go read what those two kind Mozilla devs told me, and try to understand it; talking to general reader here.)

In the first place I need to go through again, all over, from the traffic capture that I posted, and also, surely, then, check more on the replies that I got from Mozilla devs Andrew and François.

And I'm also updating my system and have other work (apart from my turtle-speed at which I work even at my best), so I won't be able to post a complete reply very soon.

Pls. allow more time and allow some later changes in the text below in this post! Thank you.

This whole notice up to here will be removed when I do that.
---

Navar wrote:
The title is apt. Can you give a 1-2, maximum 4, sentence synopsis without web links?

Thanks for allowing that the title of the topic is appropriate. It can only mean you downloaded and weren't able to decrypt that/those streams (don't remember one or two that they were, but all others you were able to decrypt, weren't you?). Am I not right?

But, about the brevity: Do you mean without, basically, the:

http://croatiafidelis.hr/foss/cap/cap-151125-plus-cert/

[*]

?

And without some kind of general link to SSL decryption, which is possible with Wireshark, and if you use Mozilla, and, thanks to the NSS (Network Security Services library) by Mozilla?

It just can not be understood without those. Some links are just needed.

And I really don't think the query can fit in 4 lines. I bet not even davidm, who reworded my query over here:

phpBB Strange White Space problem
https://forums.gentoo.org/viewtopic-t-1032010.html#7838488

in cleaner and more clear and shorter terms, would be able to do it, and neither do I believe you could, Navar. Shorter than I did, yes! Surely. That much shorter, no.

pjp wrote:
miroR wrote:
But I would have liked if you answered my question if that post (deemed a "whatever" by genstorm) in Why is Gentoo not switching to systemd? would have been possible. Would you still allow it?
What is the question?
I don't see a specific question in that post,

The question is with (all to be found in the opening post of the topic):
miroR wrote:

The problem is in the decrypted SSL stream 14,

and
miroR wrote:

When considering the non-decryptables(?) in ssl stream 14 of my miniature, I remembered the advice (gotten in that previous, temporarily abandoned, quest-topic) to try and get the data in question from the link in the "\"GET\" inside the HTTPS data-stream".

I can start from those. Then my dilemma for which I need solution will be clearer. Not a matter that can be asked so very quickly. Quickly is how the data travels in the network. Not the analyzing of it.

Isn't it clear that I wanted to know what was in that stream?

And that the two kind Mozilla devs gave the precise answer to that query?

pjp wrote:
or a reference to genstorm on that page.

He posted two posts in this topic. I quote one of his "whatever"s.

pjp wrote:
miroR wrote:
Remember I gave pretty long exposé there where I took previously cited Christopher Barry's Open letter to the Linux World to stress that systemd was about surveillance (and so was/is dbus, their sine-qua-non for full and comfortable deployment).
systemd is way outside the topic of this thread. In general, if you don't like it, don't use it.

Lots of other things/posts are way outside the topic... But I meant on principle. Have a look. There is even the sentence I wrote there, that I thought that Linus was a liar. [**]

pjp wrote:
miroR wrote:
pjp wrote:
I just can't make much sense of your postings. Something similar to writing an informative essay would probably help. Or maybe it is just a language barrier. Best of luck!


No. This is a concrete technical query.
Please revisit the link and consider it. If you have a query, I'm sorry, but I STILL do not have a clue what that query is.

I read carefully the link Parts of an Informative Essay that you gave. But it's not really about my "Compositionaly Stylings" [***] so very much. All that it is about, can be understood from what the electrons wrote in traffic dump! How come that Mozilla devs replied to the point to it, otherwise?

To the part about the query, I replied above in this post. stream 14 is pretty concrete.

Mozilla devs' replies on mozilla security-dev list:

https://groups.google.com/d/msg/mozilla.dev.security/abSHPU4EaP8/8010PZ5sCQAJ

and

https://groups.google.com/d/msg/mozilla.dev.security/abSHPU4EaP8/V5TQb7VtCQAJ

give precise replies to my concrete query of this topic in Gentoo Forums that you are reading. Which I wish I had been able to deploy in less text, but was unable to.

--
[*] Are there maybe issues with downloading those files from that dir on my NGO's site? Navar was, if I'm right, able to download the files. And I signed them all with my PGP signature...

[**] A note is due here.

energyman76b
Advocate

Joined: 26 Mar 2003
Posts: 2045
Location: Germany

Posted: Mon Dec 21, 2015 7:51 pm

ehm, could you give some context? Most of us haven't read all your posts and DON'T KNOW WHAT THE FUCK YOU ARE TALKING ABOUT!

so, short and precise: wtf are you doing, and wth happened.
_________________
Study finds stunning lack of racial, gender, and economic diversity among middle-class white males

I identify as a dirty penismensch.

Muso
Veteran

Joined: 22 Oct 2002
Posts: 1051
Location: The Holy city of Honolulu

Posted: Mon Dec 21, 2015 7:56 pm

energyman76b wrote:
ehm, could you give some context? Most of us haven't read all your posts and DON'T KNOW WHAT THE FUCK YOU ARE TALKING ABOUT!

so, short and precise: wtf are you doing, and wth happened.


Careful, energyman76b. You don't want him to weaponize his autism.
_________________
"You can lead a horticulture but you can't make her think" ~ Dorothy Parker
2020 is the year of the Linux Desktop!

All times are GMT